Privacy Policy
Your privacy is our priority. Learn how we protect your information.
1. Introduction
Lou Malnati's ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, place orders, or interact with us in any way.
This policy applies to all information collected through our website (lou-malnatis.rest), mobile applications, phone orders, in-store visits, and any related services, sales, marketing, or events. By accessing or using our services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Personal Identification Information: Name, email address, phone number, delivery address, billing address
- Account Information: Username, password (encrypted), order history, saved preferences
- Payment Information: Credit card details, billing information (securely processed through encrypted payment processors)
- Food-Related Information: Dietary preferences, allergen information, special dietary requirements (vegan, halal, kosher, gluten-free), favorite orders
- Contact Form Submissions: Messages, feedback, reviews, customer service inquiries
- Marketing Preferences: Email subscription status, communication preferences
- Loyalty Program Data: Points balance, rewards history, membership status
- Reservation Information: Table booking details, party size, special requests
- Catering Details: Event information, guest count, menu preferences, delivery instructions
2.2 Automatically Collected Information
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Data: Pages visited, time spent on site, click patterns, search terms, referring websites
- Cookie Data: Session IDs, user preferences, shopping cart contents, analytics data
- Location Information: Approximate location derived from IP address for delivery zone determination
- Performance Data: Website loading times, error reports, feature usage statistics
2.3 Information from Third Parties
- Social Media: Profile information if you connect your social media accounts
- Payment Processors: Transaction confirmations, payment status updates
- Delivery Partners: Delivery status updates, driver information
- Marketing Partners: Campaign performance data, audience insights (aggregated)
- Review Platforms: Customer reviews and ratings from third-party sites
3. How We Use Your Information
3.1 Service Provision
- Order Processing: Preparing, confirming, and fulfilling your food orders
- Delivery Services: Coordinating delivery to your specified address
- Account Management: Creating and maintaining your user account, authentication
- Customer Support: Responding to inquiries, resolving issues, providing assistance
- Quality Improvement: Analyzing usage patterns to enhance our services and menu offerings
- Personalization: Customizing your experience based on preferences and order history
3.2 Communication
- Order Communications: Confirmation emails, preparation updates, delivery notifications
- Customer Support: Responses to your questions and support requests
- Important Notices: Policy changes, service updates, security alerts
- Marketing Communications: Promotional offers, new menu items, special events (with your consent only)
- Loyalty Program: Points updates, reward notifications, exclusive offers
3.3 Marketing and Analytics
- Personalized Advertising: Showing relevant ads based on your preferences and order history
- Traffic Analysis: Understanding website usage patterns and user behavior
- Campaign Effectiveness: Measuring the success of marketing campaigns
- Market Research: Developing new products and improving existing offerings
- Customer Insights: Understanding preferences to better serve our community
3.4 Legal Compliance
- Legal Requests: Responding to court orders, subpoenas, and legal processes
- Fraud Prevention: Detecting and preventing fraudulent transactions and activities
- Rights Protection: Protecting our rights, property, and safety, and that of our customers
- Dispute Resolution: Resolving conflicts and legal disputes
- Regulatory Compliance: Meeting food safety, tax, and business regulations
4. Information Sharing and Disclosure
4.1 Service Providers
- Payment Processors: Secure processing of credit card and online payments
- Delivery Companies: Third-party delivery services for order fulfillment
- Cloud Storage Providers: Secure data storage and backup services
- Email Marketing Services: Managing email campaigns and communications
- Analytics Tools: Website performance analysis and user behavior insights
- Customer Support Platforms: Managing customer service inquiries and responses
- POS Systems: Processing in-store orders and payments
4.2 Legal Requirements
- Court Orders: Compliance with subpoenas and legal orders
- Law Enforcement: Cooperation with police investigations when legally required
- Regulatory Compliance: Meeting health department and food safety requirements
- Public Safety: Protecting public health and safety in emergency situations
- Tax Authorities: Providing information to tax agencies as required by law
4.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, customer information may be transferred to the new owner. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information for any other purpose with your explicit consent, such as participating in joint promotions with partner restaurants or sharing testimonials with your permission.
5. Data Security
5.1 Technical Measures
- Encryption: SSL/TLS encryption for all data transmission and storage of sensitive information
- Firewall Systems: Advanced firewall protection to prevent unauthorized access
- Access Controls: Strict limitations on who can access personal data (minimum necessary personnel only)
- Security Monitoring: 24/7 monitoring of systems for suspicious activity and potential breaches
- Regular Backups: Automated, secure backups to prevent data loss
- Vulnerability Testing: Regular security scans and penetration testing
5.2 Organizational Measures
- Employee Training: Regular security awareness training for all staff members
- Data Handling Procedures: Written policies for proper handling of personal information
- Confidentiality Agreements: All employees and contractors sign confidentiality agreements
- Incident Response Plan: Established procedures for responding to security incidents
- Security Audits: Regular internal and external security assessments
- Vendor Management: Due diligence and security requirements for third-party providers
5.3 Your Responsibilities
- Strong Passwords: Use complex, unique passwords for your account
- Account Security: Do not share your login credentials with others
- Public Computers: Always log out when using shared or public computers
- Suspicious Activity: Be cautious of phishing emails and suspicious links
- Immediate Reporting: Contact us immediately if you suspect unauthorized account access
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. Below is a detailed breakdown of the types of cookies we use:
| Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Basic site functions, login state, shopping cart contents | Session (deleted when browser closes) |
| Functional Cookies | User preferences, language settings, location data | Up to 1 year |
| Analytics Cookies | Website usage analysis, performance improvement | Up to 2 years |
| Marketing Cookies | Personalized advertising, campaign tracking | Up to 1 year |
Tracking Technologies Used:
- Google Analytics: Website traffic analysis and user behavior insights
- Facebook Pixel: Advertising effectiveness measurement and retargeting
- Web Beacons: Email open rates and engagement tracking
- Local Storage: Browser-based data storage for improved functionality
- Session Storage: Temporary storage for shopping cart and user preferences
Cookie Management:
You can control cookies through your browser settings. Most browsers allow you to accept, reject, or delete cookies. Please note that disabling certain cookies may affect the functionality of our website, particularly the ability to place orders and access account features.
7. Your Rights (GDPR/CCPA Compliance)
Depending on your location, you may have the following rights regarding your personal information:
7.1 Right of Access
You have the right to request copies of your personal data. We may charge a small fee for this service if your request is clearly unfounded or excessive.
7.2 Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
7.3 Right to Erasure (Right to be Forgotten)
You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the original purpose.
7.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain circumstances.
7.5 Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
7.6 Right to Object
You have the right to object to our processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
7.7 Right Against Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.
How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the Contact Information section. We will respond to your request within 30 days and may ask you to verify your identity before processing your request.
8. Children's Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
If we become aware that we have collected personal information from children under 16 without verification of parental consent, we will take steps to remove that information from our servers promptly.
9. International Data Transfers
9.1 Protection Measures
When we transfer your personal data internationally, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with EU adequacy decisions (like Japan)
- Standard Contractual Clauses (SCC): Using EU-approved contractual protections
- Data Processing Agreements: Binding agreements with international partners
- Security Measures: Encryption and secure transmission protocols
- Regular Audits: Ongoing compliance monitoring and assessments
9.2 Transfer Destinations
- United States: Cloud storage and data processing services
- European Union: Analytics and marketing services
- Other Countries: As necessary for service provision, with appropriate protections
10. Data Retention Periods
We retain your personal information only as long as necessary for the purposes outlined in this policy:
| Information Type | Retention Period | Reason |
|---|---|---|
| Account Information | 6 months after account deletion | Legal obligations, dispute resolution |
| Purchase History | 7 years | Tax and accounting requirements |
| Marketing Consent | 3 months after withdrawal | Consent record keeping |
| Website Usage Logs | Up to 2 years | Security monitoring, analytics |
| Customer Support Records | 3 years | Service quality improvement |
| Allergen Information | As long as account is active | Customer safety and service |
| Loyalty Program Data | 2 years after program termination | Program management and rewards |
Safe Data Disposal
When we delete your data, we ensure:
- Complete Electronic Deletion: Data is permanently and irreversibly deleted from all systems
- Physical Record Destruction: Paper records are securely shredded
- Backup Purging: Data is removed from all backup systems
- Disposal Documentation: We maintain records of data disposal procedures
11. Third-Party Links
Our website may contain links to third-party websites, such as social media platforms, review sites, or partner restaurants. These third-party sites have their own privacy policies, and we are not responsible for their privacy practices or content.
We encourage you to review the privacy policies of any third-party websites you visit. Your interactions with these sites are governed by their respective privacy policies, not ours.
12. Policy Changes
12.1 Change Notification
We may update this Privacy Policy from time to time. When we make changes, we will notify you by:
- Website Notice: Prominent notice on our homepage and relevant pages
- Email Notification: Direct email to all registered users
- Pop-up Notification: In-app or login screen notification
- Explicit Consent: For significant changes that affect your rights
12.2 Checking for Changes
- Current Version: The most current version is always available on our website
- Last Updated Date: Check the "Last Updated" date at the top of this policy
- Continued Use: Continued use of our services after changes constitutes acceptance
- Opt-Out Option: You may stop using our services if you disagree with changes
13. Contact Information
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
Lou Malnati's
Address: 2436 14th St NW, Washington, DC 20009, USA
Phone: +1 202-915-9004
Email: [email protected]
Business Hours: Monday - Friday: 9:00 AM - 6:00 PM EST
Response Commitment: We will respond to all privacy-related inquiries within 3 business days.
13.1 Complaints
If you have concerns about our privacy practices:
- Contact Us First: Please reach out to us directly for resolution
- Supervisory Authority: If unsatisfied, you may contact your local data protection authority
- For EU Residents: Contact your national data protection authority
- For US Residents: Contact the Federal Trade Commission (FTC)
14. Withdrawal of Consent
14.1 Marketing Consent Withdrawal
You can withdraw your consent for marketing communications at any time:
- Unsubscribe Link: Click the unsubscribe link in any marketing email
- Account Settings: Update your preferences in your online account
- Customer Support: Contact us directly to opt out
- Phone: Call us to remove your number from marketing lists
14.2 Account Deletion
To completely delete your account:
- Log into your account and go to Settings
- Select the "Delete Account" option
- Confirm your identity and decision
- Note: Some data may be retained for legal compliance
- You will receive confirmation of account deletion
15. Conclusion
At Lou Malnati's, we are committed to protecting your privacy and maintaining your trust. We believe that transparency about our data practices is essential to building lasting relationships with our customers. This Privacy Policy reflects our dedication to safeguarding your personal information while providing you with exceptional food and service.
Your trust is the foundation of our business, and we work continuously to ensure that your personal information is handled with the utmost care and security. We encourage you to reach out to us with any questions or concerns about your privacy.
Thank you for choosing Lou Malnati's. We appreciate your business and your trust in us to protect your personal information.