Privacy Policy

1. Introduction

Welcome to Bonchon ("we," "our," or "us"). At Bonchon, we are deeply committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at bonchons.digital, use our mobile applications, dine at our restaurants, place orders for delivery or pickup, or interact with us through any other means.

This Privacy Policy applies to all information collected through our website, mobile applications, in-restaurant services, delivery services, catering services, loyalty programs, and any other services we offer (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of such changes.

2. Information We Collect

We collect various types of information to provide and improve our Services to you. The information we collect falls into three main categories: information you provide directly, information collected automatically, and information from third parties.

2.1 Information You Provide

When you interact with our Services, you may provide us with the following types of information:

• Personal Identification Information: Your name, email address, phone number, delivery address, billing address, and date of birth when you create an account, place an order, or make a reservation.
• Account Information: Username, password, purchase history, order preferences, favorite items, and saved payment methods associated with your Bonchon account.
• Payment Information: Credit card numbers, debit card numbers, and other payment details. Note: All payment information is encrypted and processed through secure, PCI-compliant payment processors. We do not store complete payment card information on our servers.
• Order History and Preferences: Details of your past orders, dietary preferences, favorite menu items, customization preferences, and reorder patterns.
• Dietary and Allergen Information: Information about food allergies, dietary restrictions (such as vegetarian, vegan, gluten-free, halal, kosher), and special dietary requirements you provide to ensure safe food preparation.
• Loyalty Program Data: Points balance, rewards redemption history, membership tier, and participation in promotional offers through our loyalty program.
• Reservation Information: Table reservation details including date, time, party size, special occasion information, and any special requests.
• Catering Event Details: Event date, location, guest count, menu selections, budget, and specific requirements for catering orders.
• Contact Form Submissions: Information you provide when you contact us through our website, including feedback, complaints, inquiries, and suggestions.
• Reviews and Ratings: Content you post in reviews, ratings, and feedback about our food and services.
• Marketing Preferences: Your preferences for receiving promotional communications, newsletters, and special offers from us.

2.2 Automatically Collected Information

When you access our Services, we automatically collect certain information about your device and usage:

• Device Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, links clicked, menu items viewed, search queries, referring website addresses, and navigation patterns within our Services.
• Cookie Data: Session identifiers, user preferences, authentication tokens, shopping cart contents, and analytics data collected through cookies and similar technologies.
• Location Information: Approximate location derived from your IP address, and precise location data if you enable location services on your device (used for delivery services and finding nearby restaurants).
• Order Interaction Data: How you interact with our ordering system, including items added to cart, items removed, checkout process steps, and order completion rates.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Social Media Platforms: If you connect your social media accounts (such as Facebook, Google, or Apple) to our Services, we may receive your name, email address, profile picture, and other information you have made publicly available.
• Payment Processors: Transaction confirmations, payment status, and fraud prevention data from our payment service providers.
• Delivery Partners: Delivery status updates, delivery confirmation, and feedback from third-party delivery services when applicable.
• Marketing Partners: Demographic information, interest data, and advertising effectiveness data from our marketing and advertising partners.
• Business Partners: Information from joint promotions, co-branded services, or referral programs with our business partners.

3. How We Use Your Information

We use the information we collect for various purposes to provide, maintain, and improve our Services. Below are the specific ways we use your information:

3.1 Service Provision

• Order Processing: Processing and fulfilling your food orders, including preparation, packaging, and delivery or pickup coordination.
• Delivery Services: Coordinating delivery logistics, providing real-time order tracking, and ensuring accurate delivery to your specified address.
• Customer Support: Responding to your inquiries, resolving complaints, processing refunds or exchanges, and providing assistance with orders.
• Account Management: Creating and maintaining your account, authenticating your identity, and managing your preferences and settings.
• Reservation Management: Processing table reservations, sending confirmation and reminder notifications, and accommodating special requests.
• Catering Services: Planning and executing catering orders, coordinating event details, and ensuring dietary requirements are met.
• Quality Improvement: Analyzing feedback and usage patterns to improve our food quality, service efficiency, and overall customer experience.
• Menu Optimization: Understanding popular items, seasonal preferences, and dietary trends to optimize our menu offerings.

3.2 Communication

• Order Confirmations: Sending confirmations when you place an order, make a reservation, or complete a transaction.
• Order Status Updates: Providing real-time updates on order preparation, estimated delivery time, and delivery status.
• Customer Support Responses: Communicating with you regarding your inquiries, feedback, or support requests.
• Important Notices: Sending notifications about changes to our Services, policies, terms, or restaurant operations (such as hours changes or temporary closures).
• Marketing Communications: With your consent, sending promotional emails, SMS messages, and push notifications about special offers, new menu items, loyalty rewards, and upcoming events.

3.3 Marketing and Analytics

• Personalized Recommendations: Suggesting menu items based on your order history, preferences, and dietary requirements.
• Targeted Advertising: Displaying relevant advertisements on our Services and third-party platforms based on your interests and interactions.
• Traffic Analysis: Analyzing website and app traffic patterns, user behavior, and engagement metrics to understand how our Services are used.
• Campaign Effectiveness: Measuring the performance of our marketing campaigns, promotions, and advertising initiatives.
• Market Research: Conducting research and analysis to develop new products, services, features, and promotional strategies.
• Loyalty Program Administration: Managing your loyalty points, tracking rewards eligibility, and personalizing loyalty offers.

3.4 Legal Compliance

• Legal Requests: Responding to lawful requests from government authorities, law enforcement agencies, and regulatory bodies.
• Fraud Prevention: Detecting, preventing, and investigating fraudulent transactions, unauthorized access, and other illegal activities.
• Rights Protection: Protecting our rights, property, and safety, as well as the rights, property, and safety of our customers and others.
• Dispute Resolution: Handling disputes, enforcing our agreements, and pursuing available remedies.
• Regulatory Compliance: Complying with applicable laws, regulations, and industry standards, including food safety regulations and data protection laws.

4. Information Sharing and Disclosure

We do not sell your personal information. However, we may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

• Payment Processors: Secure processing of credit card and other payment transactions (e.g., Stripe, Square, PayPal).
• Delivery Companies: Third-party delivery partners who fulfill delivery orders on our behalf.
• Cloud Storage Providers: Secure storage of data on cloud infrastructure (e.g., Amazon Web Services, Google Cloud).
• Email and SMS Services: Sending transactional and marketing communications on our behalf.
• Analytics Tools: Analyzing website traffic, user behavior, and campaign performance.
• Customer Support Platforms: Managing customer inquiries and support tickets.

All service providers are contractually obligated to use your information only for the purposes of providing services to us and must maintain appropriate security measures.

4.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Court Orders and Subpoenas: Valid legal process requiring disclosure of information.
• Government Requests: Lawful requests from government agencies and law enforcement.
• Legal Compliance: Compliance with applicable laws, regulations, and legal processes.
• Rights Protection: Protection of our rights, property, and safety, or the rights, property, and safety of others.
• Emergency Situations: Addressing emergencies involving potential threats to public safety.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets:

• Your information may be transferred as part of the transaction.
• We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
• The acquiring entity will be required to honor the commitments made in this Privacy Policy.

4.4 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent. You will be informed of the specific purpose and have the opportunity to decline before any such sharing occurs.

5. Data Security

We take the security of your personal information seriously and implement comprehensive measures to protect it.

5.1 Technical Measures

• SSL/TLS Encryption: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols.
• Advanced Firewall Systems: Our servers are protected by enterprise-grade firewalls and intrusion detection systems.
• Access Control: Access to personal information is restricted to authorized personnel who need it to perform their job functions.
• 24/7 Security Monitoring: Continuous monitoring of our systems for security threats and unauthorized access attempts.
• Regular Data Backups: Secure, encrypted backups of data to ensure recovery in case of system failures.
• Secure Payment Processing: PCI-DSS compliant payment processing to protect your payment information.

5.2 Organizational Measures

• Employee Training: Regular security awareness training for all employees who handle personal information.
• Data Handling Procedures: Documented procedures for collecting, processing, storing, and disposing of personal data.
• Third-Party Agreements: Confidentiality and data protection agreements with all third-party service providers.
• Incident Response Plan: Comprehensive plan for responding to security incidents and data breaches.
• Regular Security Audits: Periodic assessments and audits of our security practices and systems.

5.3 Your Responsibilities

You also play an important role in protecting your information:

• Strong Passwords: Use unique, complex passwords for your Bonchon account.
• Password Confidentiality: Never share your password with others.
• Secure Logout: Always log out of your account when using public or shared computers.
• Suspicious Activity: Be cautious of phishing emails and suspicious links claiming to be from Bonchon.
• Report Issues: Immediately report any unauthorized access or suspicious activity to us.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver targeted advertising. Below is a detailed explanation of the cookies we use:

Cookie Type	Purpose	Duration
Essential Cookies	Required for basic website functionality, including user authentication, shopping cart, and secure checkout. Cannot be disabled.	Session
Functional Cookies	Remember your preferences such as language, location, dietary filters, and saved addresses to provide a personalized experience.	Up to 1 year
Analytics Cookies	Collect anonymous data about how visitors use our website, including pages visited, time on site, and navigation paths. Used to improve our Services.	Up to 2 years
Marketing Cookies	Track your activity across websites to deliver personalized advertisements and measure advertising campaign effectiveness.	Up to 1 year

Tracking Technologies We Use

• Google Analytics: Analyzes website traffic, user behavior, and conversion rates to help us understand and improve our Services.
• Facebook Pixel: Measures advertising effectiveness, tracks conversions, and enables retargeting on Facebook and Instagram.
• Web Beacons: Small graphic images used in emails to track open rates and engagement with our marketing communications.
• Local Storage: Stores data locally in your browser to remember preferences and improve performance.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored on your device
• Delete individual or all cookies
• Block cookies from specific or all websites
• Set preferences for how cookies are handled

Please note that disabling certain cookies may affect the functionality of our Services, including the ability to place orders, save preferences, and access your account.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

7.1 Right of Access

You have the right to request access to the personal information we hold about you. This includes the right to know what data we have collected, how it is being used, and with whom it has been shared.

7.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update most of your account information directly through your account settings.

7.3 Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

7.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal information in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.

7.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

7.6 Right to Object

You have the right to object to the processing of your personal information in certain circumstances, particularly for direct marketing purposes. You can opt out of marketing communications at any time.

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, unless such processing is necessary for a contract or based on your explicit consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

8. Children's Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 without verifiable parental consent.

• If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately.
• Upon verification, we will promptly delete any personal information collected from children under 16.
• We encourage parents and guardians to monitor their children's online activities and to help enforce this Privacy Policy.

9. International Data Transfers

Bonchon operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

9.1 Protection Measures

When we transfer your information internationally, we implement appropriate safeguards to ensure your data remains protected:

• Adequacy Decisions: We transfer data to countries that have been deemed to provide an adequate level of data protection by relevant authorities.
• Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses when transferring data to countries without adequacy decisions.
• Data Processing Agreements: We enter into binding agreements with all international partners that require them to protect your data.
• Security Measures: We ensure that appropriate technical and organizational security measures are in place regardless of where data is processed.
• Regular Compliance Audits: We conduct regular audits to ensure our international partners comply with data protection requirements.

9.2 Transfer Destinations

Your information may be transferred to and processed in:

• United States: Cloud storage and infrastructure services.
• European Union: Data analytics and customer support services.
• Other Countries: As necessary for service provision, with appropriate protection measures in place.

10. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Information Type	Retention Period	Reason
Account Information	6 months after account deletion	Legal obligations, fraud prevention, dispute resolution
Purchase History	7 years	Tax and accounting requirements, warranty claims
Order Details	3 years	Service quality, customer support, loyalty program
Marketing Consent Records	3 months after withdrawal	Consent record keeping, compliance documentation
Website Usage Logs	Up to 2 years	Security monitoring, analytics, troubleshooting
Customer Support Records	3 years	Service quality improvement, dispute resolution
Loyalty Program Data	Duration of membership + 1 year	Program administration, rewards fulfillment
Allergen Information	Duration of account + 6 months	Food safety, customer protection

Safe Data Disposal

When data is no longer needed, we ensure its secure disposal through:

• Electronic Deletion: Permanent and unrecoverable deletion from all systems and backups.
• Physical Records: Secure shredding of any physical documents containing personal information.
• Backup Data: Systematic deletion from backup systems within defined retention cycles.
• Disposal Records: Maintenance of records documenting data disposal for compliance purposes.

11. Third-Party Links

Our Services may contain links to third-party websites, applications, and services that are not owned or controlled by Bonchon. These may include:

• Social media platforms (Facebook, Instagram, Twitter)
• Third-party delivery services
• Payment processors
• Review platforms
• Partner websites and promotions

Please be aware that:

• We are not responsible for the privacy practices or content of these third-party sites.
• We encourage you to review the privacy policies of any third-party sites before providing any personal information.
• Your interactions with third-party sites are governed by their respective privacy policies and terms of service.
• Inclusion of a link does not imply endorsement of the linked site by Bonchon.

12. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.1 Change Notification

When we make material changes to this Privacy Policy, we will notify you through:

• Website Notice: A prominent notice on our website and mobile app.
• Email Notification: An email to registered users with details of the changes.
• Login Notification: A pop-up or banner notification when you log into your account.
• Consent Request: For significant changes affecting your rights, we will seek your explicit consent before the changes take effect.

12.2 Checking for Changes

• The latest version of this Privacy Policy is always available on our website at bonchons.digital/privacy.html.
• Check the "Last Updated" date at the top of this page to see when the policy was last revised.
• Your continued use of our Services after changes are posted constitutes your acceptance of the updated Privacy Policy.
• If you do not agree with any changes, you have the right to stop using our Services and request deletion of your account.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Commitment: We are committed to responding to all privacy-related inquiries within 3 business days. For requests requiring verification or detailed investigation, we will respond within 30 days as required by applicable law.

13.1 Complaints

If you are not satisfied with our response to your privacy concerns:

• Contact Us First: Please reach out to us directly so we can address your concerns. We are committed to resolving all privacy-related issues promptly and fairly.
• Supervisory Authority: If you remain unsatisfied, you have the right to lodge a complaint with your local data protection supervisory authority:
  • US Residents: Federal Trade Commission (FTC) at ftc.gov
  • EU Residents: Your local Data Protection Authority
  • UK Residents: Information Commissioner's Office (ICO) at ico.org.uk

14. Withdrawal of Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

14.1 Marketing Consent Withdrawal

You can withdraw your consent for marketing communications at any time through:

• Unsubscribe Link: Click the unsubscribe link at the bottom of any marketing email.
• Account Settings: Update your communication preferences in your Bonchon account settings.
• Customer Support: Contact our customer support team to update your preferences.
• SMS Opt-Out: Reply "STOP" to any promotional SMS message.

Please note that withdrawing marketing consent will not affect the processing of essential transactional communications related to your orders.

14.2 Account Deletion

You can request deletion of your account and associated data by:

1. Logging into your Bonchon account.
2. Navigating to Account Settings > Privacy.
3. Selecting "Delete My Account" and confirming your request.
4. Alternatively, contact our customer support team to request account deletion.

Please note that certain information may be retained for legal compliance, fraud prevention, and dispute resolution purposes as outlined in Section 10 (Data Retention Periods).

15. Conclusion

At Bonchon, protecting your privacy is fundamental to how we operate. We are committed to being transparent about how we collect, use, and share your personal information, and to giving you control over your data.

We understand that trust is earned, and we work every day to maintain the trust you place in us when you choose to dine with us, order our food, or interact with our Services. Your privacy is not just a legal obligation—it's a core value that guides our business practices.

We encourage you to reach out to us with any questions or concerns about this Privacy Policy or our privacy practices. Our team is here to help and ensure you feel confident about how your information is handled.

Thank you for choosing Bonchon. We appreciate your trust and look forward to serving you delicious food while keeping your personal information safe and secure.