Bacio di Latte Privacy Policy

Last Updated: November 22nd, 2023

1. Introduction
2. What Information We Collect
3. Use of Cookies and other Tracking Technologies
4. Why We Collect Information
5. When We Disclose Information
6. Ads and Information About You
7. Retention of Your Personal Information
8. Your Choices About the Information We Collect
9. Children’s Privacy
10. Do Not Track Disclosures
11. Visitors Outside of the United States
12. Links
13. Security
14. Your California Privacy Rights
15. Your Privacy Rights Under the General Data Protection Regulation
16. Your Rights Under the Lei Geral de Proteção de Dados (LGPD)
17. Questions / Changes in Privacy Policy

1. Introduction

Welcome. You have arrived at a website provided and operated by BDL USA, Inc. (“Bacio di Latte”, “Company” or “we”, “our” or “us”. We respect your privacy and want to protect your personal information. The privacy of your personal information is important, and we provide this notice to tell you what personal information we collect from you, why we collect it, how we use it, under what circumstances we share it with third parties, how we protect that information, and how you may opt out of the sale or sharing of that information.

This Privacy Policy governs the website https://baciodilatte.us, its subdomains, affiliated retail stores, and all portals, applications, products, goods, services, events, and any interactive features, applications, or other services that post a link to this Privacy Policy (the “Site”). This Privacy Policy also applies to information (including the “Personal Information” defined below) that we may collect from you via phone calls, in person at any of our locations, other communications with our representatives or in any other instance when you contact us. We refer to all of the above as our “Services.” This Site is intended for Users in the United States only.

All references to “you”, “your” or “User” in this Privacy Policy means the person who registers for, accesses, or uses the Site or our Services. If you use or access our Site or Services on behalf of a company or organization, such company or organization will also be considered to agree to this Privacy Policy, and “you” and “your” refers to that company or organization as well.

If you have questions about this Privacy Policy, contact us at Hello@baciodilatte.us.

Please review this policy carefully. This Privacy Policy is incorporated into our Terms and Conditions which govern your use of this Site. By using our Site or Services, you consent to our Privacy Policy and agree to our Terms andConditions. If you do not agree with this Privacy Policy or our Terms and Conditions, your sole remedy is to stopusing the Site and our Services. If you provide your information in the course of interacting with our Site, speaking with one of our representatives in person or on the phone or otherwise using our Services, we will take that as your agreement to our collection, use, and disclosure of your information as set forth in this Privacy Policy.

This Privacy Policy does not apply to any products, goods, services, websites, or content that are offered by third parties (“Third Party Services”), which are governed by their respective privacy policies. We are not responsible for the policies of any Third Parties.

2. What Information We Collect

As a preliminary matter, we handle all information you provide us with the utmost care.

Information You Provide to Us

The categories of Personal Information we collect directly from you may include:

Email address;
First name and last name;
Phone number;
Address, City, State, ZIP/Postal Code;

Social media information, such as your social media handle, content and other social media data shared with us through third-party features that you use on our Site and other services (such as apps, tools, payment services, widgets and plug-ins offered by social media platforms like Facebook, Instagram and X, formerly known as Twitter) or posted on social media pages (including when you tag us or post comments on our social media pages or other pages accessible to us); and

Your payment and/or service history, including records of products or services purchased;
Other information that could reasonably be used to identify you personally or identify your household or device.

Additionally, we may obtain Personal Information from you where you expressly provide us with the information. Examples of sources from which we collect information include sign ups in our stores, phone calls with you, letters, e-mails or other communications from you, information provided via web forms or inputs/uploads into our Site or at events we attend or sponsor, and documents you have provided to us.

Your decision to provide us with information is voluntary, but if you choose not to provide requested information, you may not be able to take advantage of all of the Site’s features or our Services.

If you apply for a job or are employed with us, you may provide additional information to us, such as:

Your birthdate or age;
Your current or past professional or employment information;
Your educational information;
Your military or veteran status;
Your marital status;
Information about your dependents and beneficiaries;
Your social security or passport number or information regarding your legal right to work in the United States,
Protected class information under California or federal law, such as your race, gender, age or disability status; and/or
Financial information, such as a credit card, debit card, or bank account for payroll or other purposes.

Information That Is Automatically Collected

In addition to information that you choose to submit to us, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the Site (“Usage Information”). This Usage Information may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site. Usage Information may include:

Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier;
Your Device functionality (including browser, browser language, operating system, hardware, mobile network information);
Referring and exit web pages and URLs;
The areas within our Site that you visit and your activities there, including remembering you and your preferences;
Your Device location or other geolocation information, including the zip code, state or country from which you accessed the Services;
Your Device characteristics; and
Certain other Device data, including the time of day you visit our Site.

We may collect audio, video, or sensory information, such as video recordings, when you visit our Locations. We use this information for safety and security purposes only.

Information From Third Parties

We may collect information about you from other sources, including consumer credit reporting agencies or background check vendors, in order to evaluate an application for employment. We also may obtain Personal Information about you if you are listed as a dependent or beneficiary of an employee. We may also obtain information about you (e.g., an email address), if another User has forwarded information about our Services to you. We may also obtain information about you from marketers and market research firms. We may combine the information we collect from third parties with information that we have collected from you or through your use of the Services.

In addition, the Site may include functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us. For example, we may provide links on the Site to facilitate sending a communication from the Site or we may use third parties to facilitate emails or postings to social media (like a “Share” or “Forward” button) or to order our products. These third parties may retain any information used or provided in any such communications or activities and these third parties’ practices are not subject to our Privacy Policy. We may not control or have access to your communications through these third parties. Further, when you use third-party sites or services, you are using their services and not our services, and we are not responsible for their practices. You should read the applicable third-party privacy policies before using such third-party tools on our Site. Please also see our Terms and Conditions for further information.

3. Use of Cookies and other Tracking Technologies

Our website may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site) include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. Our Site may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage.
Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click.
ETag, or entity tag. An ETag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).

We may use the following types of cookies:

Strictly necessary cookies. These cookies are essential for you to browse the Sites or App and use its features, such as accessing secure areas of the site.
Functionality cookies. Also known as “preference cookies,” these cookies allow the Sites or App to remember choices you have made in the past, like what language you prefer, or what your user name and password are so you can automatically log in.
Analytics cookies. Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. Their purpose is to improve website functions. This includes cookies from third-party analytics services if the cookies are for the exclusive use of the owner of the website visited.
Advertising cookies. These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.

4. Why We Collect Information

We may use your information for various purposes, including:

Responding to your requests for information;
Providing goods and Services to you;
Verifying your identity and for fraud prevention;
Processing your orders or payments;
Providing you with updates and information about products and services we provide;
Sending you marketing information about Bacio di Latte and our affiliated entities;
Sending you email communications such as electronic newsletters about our Services and events and promotions which may be of interest to you;
Improving the effectiveness of our Site, our marketing endeavors, and our product and service offerings;
Identifying your product and service preferences, providing personalized content and ads and informing you of new or additional information, products and services that may be of interest to you;
Helping us address problems with and improve our Site and our products and services, including testing and creating new products, features, and services;
Providing mobile marketing messages and other communications and messages;
Protecting the security and integrity of the Site, including understanding and resolving any technical and security issues reported on our Site;
Administering employee benefits, such as medical, dental, commuter and retirement benefits, including recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management, rewards or discount programs offered to employees;
Engaging in analysis, research, and reports regarding the use of our Site and Services;
For internal business purposes;
Complying with the law and protecting the safety, rights, property or security of Bacio di Latte, the Services, and the general public;
For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy; and
For other purposes.

4. When We Disclose Information

With Service Providers: We may share your Personal Information with Service Providers for payment processing; for shipment, delivery or pickup of our products and Services; to monitor and analyze the use of our Services; to send newsletters or information regarding our products, events and Services; to show advertisements to you to help support and maintain our Services; to advertise on third party websites to you after you visited our Site; to provide other technological or application support to us (including web accessibility, cookie preferences, website hosting, etc.); or to contact you.
For Business Transfers: We may share or transfer your information (i) to a subsequent owner, co-owner or operator of the Site and/or our Services; or (ii) in connection with a financing, merger, consolidation, restructuring, negotiation, of all or a portion of our interests and/or assets or other corporate change, including during any due diligence process.
With Affiliates: We may share your Personal Information with our affiliates, in which case we require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions. (If you are a California resident, you have the right to request additional information regarding the “sale” of your information. Please see the Section entitled “Your California Privacy Rights” below about these rights.)
With Other Users: When you share Personal Information or otherwise interact in the public areas of our Site or our social media with other Users, such information may be viewed by all Users and may be publicly distributed outside the website or app in which you originally interacted with us.

We currently use the following third parties to provide business services for us:

Service Provider	Purpose	Applicable Privacy Policy
Google Analytics	Website analytics and traffic reporting	https://policies.google.com/privacy
Google AdSense	Advertising	http://www.google.com/ads/preferences/
ChowNow	Delivery and online orders	https://get.chownow.com/privacy-policy
Mailchimp	Email Marketing	https://mailchimp.com/legal/privacy/
Apple Store In-App Payments	Payment processing	https://www.apple.com/legal/privacy/en-ww/
Google Play In-App Payments	Payment Processing	https://www.google.com/policies/privacy/
Stripe	Payment processing	https://stripe.com/us/privacy
PayPal	Payment processing	https://www.paypal.com/webapps/mpp/ua/privacy-full
Square	Payment processing	https://squareup.com/us/en/legal/general/privacy
Google reCAPTCHA	Website security and fraud prevention	https://www.google.com/intl/en/policies/privacy/

In addition, we may share the information we have collected about you, including Personal Information, as may be further disclosed at or before the time you provide your information and as described in this Privacy Policy.

To the extent permitted by law, certain Personal Information about you may be disclosed in the following situations:

To comply with a validly issued and enforceable subpoena or summons.
In conjunction with a prospective purchase, sale, or merger of all or part of our practice, provided that we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.
As a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.

Finally, we may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (which is no longer considered Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

6. Ads and Information About You

You may see certain ads on our Site because we participate in advertising networks administered by third parties. These networks track your online activities over time and across third party websites and online services by collecting information through automated means, including through the use of the Tracking Technologies described above, and they use this information to show you advertisements that are tailored to your individual interests. The information they collect includes information about your visits to our Site, such as the pages you have viewed. This collection and ad targeting takes place both on our Site and on third-party websites that participate in the ad network. This process also helps us track the effectiveness of our communications and marketing efforts.

We may also use Tracking Technologies, such as our own cookies, to provide you with personalized online display advertising tailored to your interests. We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as a DoubleClick cookie) together to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our Site. To learn more about how to opt out of Google’s use of the Google analytics cookies, visit, here. To learn more about how to opt out of DoubleClick’s use of cookies, visit the DoubleClick opt-out page, here. If you would like more information about behavioral advertising practices, go to the Digital Advertising Alliance’s WebChoices tool at www.aboutads.info. To learn about your choices in connection with these practices on the particular device on which you are accessing this Privacy Policy, please visit http://www.networkadvertising.org/choices and http://www.aboutads.info/choices. You may also click on the informational icon contained within each interest-based ad. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

You can set your web browser to alert you when a cookie is being used. You can also get information on the duration of the cookie and what server your data is being returned to. You then can accept or reject the cookie. Additionally, you can set your browser to refuse all cookies or accept only cookies returned to the originating servers.

You can opt in or out of cookies at any time – except strictly necessary cookies (these are used to help make our website work efficiently). If you wish to restrict or block the cookies set by any website, you can do this through the web browser settings for each web browser you use, on each device you use to access the internet. You may “clear” all cookies to force our cookie preferences panel to restart so that you may change your cookie preferences at any time. Currently, you cannot synchronize your settings between your browsers and devices (e.g., your computer and your smartphone), so you must manage your cookies on each browser, on each device.

Information on controlling and deleting cookies, including on a wide variety of browsers, is also available at allaboutcookies.org. Some of the more popular browsers (and links to manage your cookies on each) are:

Some services may not function or may have more limited functionality if your web browser does not accept cookies. However, you can allow cookies from specific websites by making them ‘trusted websites’ in your web browser.

If you do not wish to accept cookies from one of our emails, you can choose not to download any images or click on any links. You can also set your browser to restrict cookies or to reject them entirely. These settings will apply to all cookies, whether included on websites or in emails. Depending on your email or browser settings, cookies in an email may sometimes be automatically accepted (for example, when you’ve added an email address to your address book or safe senders list). For more information, refer to your email browser or device instructions.

Please note that even if you exercise the opt-out choices above, you may continue to receive advertisements, for example, ads based on the particular website you are viewing (e.g., contextually based ads) or ads that are not targeted at you which may be less relevant. Also, if your browser (like some Safari browsers) is configured to reject opt-out cookies when you opt out on the DAA or NAI websites, your opt-out may not be effective.

California residents may have additional options to limit the sharing of their Personal Information for targeted advertising, as set forth below in our California Privacy Rights section.

7. Retention of Your Personal Information

Bacio di Latte will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Information to the extent necessary to perform our Services for you, comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Information for internal analysis purposes. Usage Information is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

We utilize the following criteria to determine the length of time for which we retain Personal Information:

How long we have had a relationship with you or provided our Services to you
The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
Whether we are required to retain the information, or the information is otherwise necessary, in order to: comply with legal obligations or contractual commitments: defend against potential legal claims: detect or prevent potential illegal activity or actions in violation of our policies and procedures; secure our systems and online environment; or protect health and safety;
The privacy impact on individuals of ongoing retention; and
The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.

8.Your Choices About the Information We Collect

You have many choices when it comes to your Personal Information. You may always change the settings on your Device (such as location settings, cookies, or allowing apps to track you) to limit some of the information that is shared with us.

If you wish to update your Personal Information, please contact us at Hello@baciodilatte.us. We will make good faith efforts to make requested changes in our then-active databases as soon as reasonably practicable (but we may retain your prior information as a business record).

Communication Preferences

If you would prefer that we not share your name and mailing address with third parties (other than with our affiliates) to receive promotional offers, you have the option to opt out of such sharing. To do so, please contact us at Hello@baciodilatte.us. Your choice will not affect our ability to share information in the other ways described in this Privacy Policy.

Depending on the jurisdiction in which you reside, you may have additional options to access, correct, delete or limit the information you have provided to us.

You may exercise your choices by using the following methods to contact us:

Email: Click the unsubscribe link in emails or email us at Hello@baciodilatte.us

Postal address:

BDL USA, Inc.
6800 Owensmouth Avenue
Canoga Park, CA 91303

Please include your full name, contact information and your communication preferences.

Please note that certain of your personal information, such as your name or other identifying information, may remain in our database even after a deletion request in order to service your account, maintain the integrity and historical record of our database and systems, or to comply with applicable laws and regulations.

Finally, if you implement a deletion request but later sign up for information or Services, your most recent request will control our information relationship with you.

Opt-Out Preference Signals

Some browsers and browser extensions support opt-out preference signals such as Global Privacy Control (“GPC”) that send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. In certain jurisdictions, when we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

9. Children’s Privacy

Our Site is not intended for use by children under the age of 16. We do not request, or knowingly collect, any personally identifiable information from children under the age of 16. If you are the parent or guardian of a child under 16 who you believe has provided her or his information to us, please contact us at Hello@baciodilatte.us to request the deletion of that information.

10. Do Not Track Disclosures

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally agreed upon standard for what a company should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here. If changes to applicable law require recognition of the Do Not Track signal, we will modify this section accordingly.

11. Visitors Outside of the United States

This Site is intended for Users in the United States only. If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site will be created on servers located in the U.S., and all information you provide will be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Privacy Policy.

12. Links

For your convenience, the Site and this Privacy Policy may contain links to other websites. Bacio di Latte is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site should be deemed to imply that Bacio di Latte endorses or has any affiliation with the links. Please see our Terms and Conditions for more information.

13. Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you provide us with your information at your own risk.

14. Your California Privacy Rights

This section of the Privacy Policy applies solely to California residents. We have adopted this policy to comply with the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA have the same meaning when used in this section. Bacio di Latte’s California employees, prior employees, contractors and job applicants may have additional or different disclosures available to them, as set forth below.

California residents have the following rights:

- - To know the categories of Personal Information being collected about you, the purposes for which the categories of information are collected or used, and whether that information is sold or shared;
  - To know the length of time we intend to retain each category of Personal Information;
  - To know whether your Personal Information is sold or disclosed and to whom;
  - To access your Personal Information;
  - To delete the Personal Information you have provided to us, with certain exceptions;
  - To correct your Personal Information if it is inaccurate;
  - To access information about automated decision making and to reject such automated decision-making in certain instances;
  - To know if Sensitive Personal Information (“SPI”) is being collected about you, the categories of SPI being collected, the purposes for which the categories of SPI are collected or used, and whether the SPI is sold or shared;
  - To limit the use of your SPI, if it is used for cross-contextual behavioral advertising or for the purpose of inferring characteristics about you;
  - To opt out of the sale or sharing of Personal Information; and
  - Not to be discriminated or retaliated against, even if you exercise your privacy rights.

The earlier sections in this Privacy Policy describe in detail what categories of information we collect and the purposes for which we use that information.

Request For Information, Correction, or Deletion

California consumers have the right to request, under certain circumstances, that a business that collects personal information about the consumer disclose to the consumer the information listed below for the preceding 12 months:

- - The categories of Personal Information we have collected from you;
  - The categories of sources from which we collected the Personal Information;
  - The business purpose we have for collecting your Personal Information;
  - The specific pieces of Personal Information we have collected about you.
  - The categories of Personal Information that we have disclosed for a business purpose, or if we have not disclosed that information for a business purpose;
  - The categories of Personal Information that we have sold, or if we have not sold the Personal Information;
  - The categories of third parties to whom the Personal Information was disclosed for a business purpose or sold;
  - The business purpose we have for disclosing or selling that Personal Information; and
  - The categories of Sensitive Personal Information we have collected, and whether such information is sold or shared, except for such information that is collected or processed without the purpose of inferring characteristics about you.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

You also have the right to request that we correct or delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

As permitted by the CCPA, if you request deletion of Personal Information that we have collected about you, we, our service providers, and our contractors may be unable to comply with such a request if your Personal Information is necessary to:

- - Complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you;
  - Prevent, detect, and investigate security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
  - Debug to identify and repair errors that impair existing intended functionality;
  - Exercise free speech, ensure the right of another Consumer to exercise his or her right of free speech, or exercise another right provided for by law;
  - Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with section 1546) of Title 12 of Part 2 of the Penal Code;
  - Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of that information is likely to render impossible or seriously impair the achievement to such research, if you have provided informed consent;
  - Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
  - Comply with a legal obligation; or
  - Otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Do Not Sell or Share My Personal information

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. You may exercise this right as set forth in the section entitled “Exercising Your California Privacy Rights” below.

Right to Limit Use of Sensitive Personal Information

California consumers have the right to limit the use of each type of Sensitive Personal Information (“SPI”) for each purpose with each type of third-party partner. Consumers can revoke this permission at any time. Please note that Company only keeps SPI for the transaction for which it is required. At this time, we do not provide your Sensitive Personal Information to any third parties other than those service providers that are necessary for us to provide our Services to you. For instance, we share SPI of our employees with service providers to provide them with benefits and workplace accommodations. We do not share your SPI for cross-contextual behavioral advertising or for the purpose of inferring characteristics about you.

Right not to be Discriminated Against

We will not discriminate against you for exercising any of your rights under the CCPA or CPRA. Unless permitted by California law, we will not:

- - Deny you goods or services;
  - Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  - Provide you a different level or quality of goods or services; or
  - Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, as permitted by California law, we may offer you certain financial incentives that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to the value of your Personal Information, for instance, if you sign up for a newsletter with us, we may provide you with discounts for future products or Services. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Third Party Marketing

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.

Personal Information We Collect About California Consumers

For California residents, Bacio di Latte provides the following information about our collection of certain types of personal information about you during your relationship with us, as stated above. In particular, our Site has collected the following categories of Personal Information from consumers within the last twelve (12) months of the Effective Date of this Privacy Policy:

Category of Personal Information Collected	Collected (Yes/No)	Sources of Collected Personal Information	Sold (as defined in CCPA)	Shared
A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers (Cal. Civ. Code 1798.140(v)(1)(A))	Yes	You Automatically Third Parties	Yes	Yes – service providers only
B. Personal information categories listed in the California Customer Records statute at Cal. Civ. Code 1798.80(e) (Cal. Civ. Code 1798.140(v)(1)(B))	Yes	You Automatically Third Parties	Yes	Yes – service providers only
C. Characteristics of protected classifications under California or federal law (Cal. Civ. Code 1798.140(v)(1)(C))	Yes (for job applicants and employees); No for all others	You	No	Yes – service providers only
D. Commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (Cal. Civ. Code 1798.140(v)(1)(D))	Yes	You Automatically	Yes	No
E. Biometric information (Cal. Civ. Code 1798.140(v)(1)(E))	Yes (in the context of video or audio surveillance at our store locations)	Automatically	No	No
F. Internet or other electronic network activity information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement (Cal. Civ. Code 1798.140(v)(1)(F))	Yes	Automatically	Yes	Yes
G. Geolocation data (Cal. Civ. Code 1798.140(v)(1)(G))	No	N/A	N/A	N/A
H Audio, electronic, visual, thermal, olfactory, or similar information (Cal. Civ. Code 1798.140(v)(1)(H))	Yes (in the context of video or audio surveillance at our store locations)	Automatically	No	No
I. Professional or employment-related information (Cal. Civ. Code 1798.140(v)(1)(I))	Yes (for job applicants and employees); No for all others	You Third Parties	No	No
J. Education information (as defined in 20 U.S.C. section 1232g, 43 C.F.R. Part 99) (Cal. Civ. Code 1798.140(v)(1)(J))	No	You Third Parties	No	No
K. Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. (Cal. Civ. Code 1798.140(v)(1)(K))	Yes	You Automatically Third Parties	Yes (in context of analytics)	Yes
L. Sensitive Personal Information such as social security number, driver’s license number, Account log-in, debit, or credit card number in combination with password or PIN, precise geolocation, racial/ethnic origins, religious or philosophical beliefs, union membership, contents of e-mails or texts to others, genetic/biometric data, health information, sex life/sexual orientation data (Cal. Civ. Code 1798.140(v)(1)(L))	Yes (for employees); No for all others	You Automatically	No	Yes – service providers only, if needed for employee benefits and workplace accommodations

For job applicants, current and past employees or contractors, we use your Personal Information for the purposes stated below:

For Job Applicants:

- - To recruit employees, including evaluation of marketing and job offering services, website traffic, and referral sources;
  - To process your application for employment;
  - To conduct employment-related background screening and/or reference checks;
  - To send you correspondence and information relating to your application or your employment with the Company;
  - To verify your identity, citizenship, or legal right to work for the Company, or to assist or cooperate with obtaining relevant immigration documents;
  - To verify your educational background and/or degrees, certifications, or qualifications for the position you apply for;
  - To verify your prior employment;
  - To offer you employment with Company;
  - For testing, evaluation and/or reporting metrics, including but not limited to aggregating or anonymizing such information for workforce analytics, data analytics, and benchmarking;
  - To comply with applicable law or regulatory requirements, including legal requirements under state and federal law, law enforcement investigations or inquiries, as well as internal company reporting obligations, such as diversity, equity and inclusion initiatives and/or Equal Employment Opportunity Act reporting obligations;
  - To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for such activity;
  - For quality assurance purposes, including call monitoring or customer service, and debugging to identify and repair errors that impair existing intended functionality;
  - For auditing related to a current interaction with the applicant or employee and concurrent transactions, including, but not limited to, counting impressions to unique visitors, verifying positioning and quality of impressions, and auditing compliance with this and other standards;
  - To analyze the effectiveness of placement of job listings and job descriptions;
  - For fraud prevention; and
  - For internal research for technological development and demonstration.

For Employees, Contractors, and Past Employees/Contractors:

All of the above, plus:

- - To track time and attendance;
  - To administer employee benefits, such as medical, dental, and/or retirement benefits, including the recording and processing of eligibility of dependents and beneficiaries, absence and leave monitoring, insurance and accident management, and rewards or discount programs offered to employees;
  - To provide healthcare-related services, such as accommodations and/or services based on eligibility (e.g., disability, worker’s compensation, medical condition);
  - To provide payroll, invoice, and tax services, including reimbursement for expenses, salary administration, payroll management, payment of expenses, payment of state and/or federal income taxes (if applicable), social security and unemployment taxes, and to administer other compensation-related payments, including bonuses and equity, if applicable;
  - To conduct performance-related reviews, including performance appraisals, professional development, career planning, skills monitoring, job moves, promotions and staff re-structuring;
  - To ensure compliance, training, examination and other requirements (e.g., food safety, etc.) are met with applicable regulatory bodies or governing agencies;
  - To provide employees with other employment-related services, such as handling of employees’ claims, travel for the Company, or administration of separation from employment;
  - To assist you in case of an emergency, including maintaining contact information for you, your partner or spouse, and/or your dependents in case of personal or business emergency;
  - To maintain the safety and security of our employees, contractors, visitors and others, including maintenance of security on Company websites, apps, intranets and/or extranets (such as monitoring email and internet access, and ensuring secure network access and data integrity), maintenance of physical security (including controlled entry to Company worksites, monitoring of worksite locations, including using location monitoring for keys, key fob or key card entry to Company property or parking areas, and ensuring that employees, contractors and visitors comply with all applicable safety regulations;
  - In connection with audiovisual surveillance of public spaces;
  - For the tracking of Company-owned or Company-leased vehicles, computers, equipment, and devices, including, but not limited to, remote deletion of Company data on business or personal devices;
  - For verification of proper use of Company resources;
  - To facilitate a better working environment;
  - To maintain commercial insurance policies and overages, including for workers’ compensation and other liability insurance; and
  - For other purposes stated at or before the time of the collection of the information.

Further, please note that under the CPRA, we may use your employee or applicant information for Company business or other notified purposes, provided that the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or processed.

Exercising Your California Privacy Rights

You or your authorized agent may make a request to access, correct, delete, opt-out of the sale of your Personal Information, or limit the use of your Sensitive Personal Information by contacting us as follows:

- - Email Address: Hello@baciodilatte.us
  - Telephone Number: 818-444-6603
  - Postal Address:

BDL USA, Inc.
6800 Owensmouth Avenue
Canoga Park, CA 91303

If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

15. Your Privacy Rights Under the General Data Protection Regulation

You Rights under the GDPR

This section of the Policy applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopt this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this section.

Under applicable law, we are considered the “data controller” of the Personal Information we handle under this Policy. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law.

If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:

- - Request access to your personal data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the personal data we hold about you.
- - Request correction of the personal data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  - Object to processing your personal data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  - Request erasure of your personal data. You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it.
  - Request the transfer of your personal data. We will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  - Withdraw your consent. You have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Service.

Legal Basis for Processing Personal Data under GDPR

We may process personal data under the following conditions:

- - Consent: You have given your consent for processing personal data for one or more specific purposes.
  - Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
  - Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which the company is subject.
  - Vital interests: Processing personal data is necessary in order to protect your vital interests or of another natural person.
  - Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the company.
  - Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by the company.

In any case, Bacio di Latte will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

See our Retention of Your Personal Information, Visitors Outside of the United States, and When We Disclose Information sections above for more information relevant under GDPR.

Exercising Your GDPR Rights

You may exercise your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

By email: Hello@baciodilatte.us

By phone number: 818-444-6603

You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the EEA.

16. Your Rights Under the Lei Geral de Proteção de Dados (LGPD)

If you are located in the national territory of Brazil, you have certain additional data protection rights under the Lei Geral de Proteção de Dados (“LGPD”). These rights include:

- - The right to confirmation of the existence of the processing;
  - The right to access the data;
  - The right to correct incomplete, inaccurate or out-of-date data;
  - The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD;
  - The right to the portability of data to another service or product provider, by means of an express request;
  - The right to delete personal data processed with the consent of the data subject;
  - The right to information about public and private entities with which the controller has shared data;
  - The right to information about the possibility of denying consent and the consequences of such denial; and
  - The right to revoke consent.

Legal Basis for Processing Data Under the LGPD

Company’s legal bases for collecting or processing your Personal Information are as follows:

- - We need to provide a service to you;
  - You have given us your consent to do so;
  - The processing is in our legitimate interests, and it is not overridden by your rights; or
  - To comply with the law.

Duration of Processing

Company will process and retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Company will also retain Personal Information and usage data for internal analysis purposes. Usage Data is data collected automatically either generated using the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.

Exercising Your Rights Under the LGPD

If applicable, you may exercise any of your rights under the LGPD by submitting a verifiable data subject request to us by using the details in the Contact Us section below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of Brazil in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency to obtain the information. We will respond to your request within 15 days or let you know if we need additional time.

17. Questions / Changes in Privacy Policy

If you have questions or concerns with respect to our Privacy Policy, you may contact us by email at Hello@baciodilatte.us. We may elect to change or amend our Privacy Policy; in such event, we will post the policy changes in our Privacy Policy on the Site, and they will become effective on the date posted.