Privacy Policy

This Privacy Policy describes how Chuys ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at chuys.rest, use our online ordering services, participate in our loyalty programs, or otherwise interact with us. We are committed to protecting your privacy and handling your personal data with transparency, integrity, and respect.

Please read this Privacy Policy carefully. By accessing or using our website, placing an order, or otherwise providing us with your personal information, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with this policy, please discontinue use of our services immediately.

For questions or concerns about this Privacy Policy, please contact us at [email protected] or visit our website at chuys.rest.

1. About Us

Chuys is a food service business operating in the United States. We operate the website located at chuys.rest and provide food-related services including online ordering, reservations, catering inquiries, and customer loyalty programs. Our contact information is as follows:

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected through:

• Our website at chuys.rest and any related subdomains or mobile-optimized versions;
• Online food ordering and delivery platforms operated by us;
• Email communications, newsletters, and promotional messages;
• Customer loyalty and rewards programs;
• Catering requests and event inquiries submitted through our website;
• Customer service interactions, whether by phone, email, or live chat;
• Social media pages and interactions where we act as a data controller;
• Surveys, contests, and promotional activities.

This policy does not apply to third-party websites linked from our website. We encourage you to review the privacy policies of any third-party sites you visit.

3. Information We Collect

We collect various categories of personal information depending on how you interact with us. Below is a detailed description of the types of data we may collect.

3.1 Personal Identification Information

When you create an account, place an order, subscribe to our newsletter, or contact us, we may collect:

• Full name;
• Email address;
• Phone number;
• Mailing address and delivery address;
• Date of birth (when required for age verification or promotional purposes);
• Username and password (encrypted) for account access;
• Profile photo or avatar (if voluntarily uploaded).

3.2 Transaction and Order Information

When you place an order or make a purchase through our website, we collect:

• Order history and items purchased;
• Payment information (note: full payment card numbers are not stored — see Section 7 for more details);
• Billing address and delivery address;
• Special requests or dietary preferences associated with your order;
• Coupon or promo codes used;
• Loyalty points earned and redeemed.

3.3 Usage and Technical Data

When you access our website, we automatically collect certain technical and usage information through cookies, log files, and similar technologies, including:

• IP address;
• Browser type and version;
• Operating system and device type;
• Pages visited, time spent on pages, and navigation paths;
• Referring URLs (how you arrived at our website);
• Date and time of your visit;
• Clickstream data and interactions with our content;
• Error logs and performance data.

3.4 Location Information

With your permission, we may collect approximate or precise geolocation data to:

• Help you find the nearest Chuys location;
• Provide accurate delivery estimates;
• Personalize offers and promotions based on your region.

You may disable location sharing at any time through your device settings or browser preferences.

3.5 Communications Data

When you contact us by email, phone, or through our website contact form, we collect the content of your communications, your name, contact details, and any additional information you voluntarily provide.

3.6 Social Media and Third-Party Data

If you choose to log into our website using a third-party social media account (such as Google or Facebook), we may receive certain profile information from that platform, including your name, email address, and profile picture, as permitted by your privacy settings on that platform.

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience on our website. For full details, please refer to Section 9 (Cookie Usage) of this policy.

4. How We Use Your Information

We use the personal information we collect for a variety of legitimate business purposes, including but not limited to the following:

4.1 Providing and Improving Our Services

• Processing and fulfilling your food orders and delivery requests;
• Managing your customer account and loyalty program membership;
• Responding to your inquiries, complaints, and customer service requests;
• Personalizing your experience on our website and mobile platforms;
• Developing new features, menu offerings, and services based on customer feedback;
• Ensuring the technical functionality and security of our website.

4.2 Marketing and Promotions

• Sending you promotional emails, newsletters, and special offers (with your consent where required by law);
• Displaying personalized advertisements on our website and third-party platforms;
• Notifying you about new menu items, seasonal specials, contests, and events;
• Administering loyalty reward programs and sending points balance updates.

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any email we send, or by contacting us at [email protected].

4.3 Analytics and Business Intelligence

• Analyzing website traffic patterns and user behavior to improve our online presence;
• Understanding customer preferences to tailor menu offerings and services;
• Measuring the effectiveness of our marketing campaigns;
• Conducting internal research and business planning.

4.4 Legal Compliance and Safety

• Complying with applicable federal, state, and local laws and regulations;
• Responding to lawful requests from government agencies, law enforcement, or courts;
• Detecting, preventing, and investigating fraud, unauthorized access, and other illegal activities;
• Protecting the rights, property, and safety of Chuys, our customers, and the public;
• Enforcing our Terms of Service and other applicable agreements.

4.5 Payment Processing

We use your financial information solely to process payments for orders and services you request. Payment processing is handled through secure, PCI-DSS compliant third-party payment processors. We do not store complete credit or debit card numbers on our servers.

5. Legal Basis for Processing (Applicable Law)

As a business operating in the United States, our data practices are governed by applicable federal and state laws, including:

• The Federal Trade Commission Act (FTC Act) — which prohibits unfair or deceptive practices related to consumer privacy and data security;
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — which provide specific rights to California residents regarding their personal information (see Section 10 for details);
• The Children's Online Privacy Protection Act (COPPA) — which governs the collection of information from children under 13;
• Other applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy legislation.

We process your personal information based on the following legal grounds: (a) performance of a contract (processing your order), (b) your consent (marketing communications), (c) legitimate business interests (analytics, fraud prevention), and (d) legal obligations (regulatory compliance).

6. Sharing Your Information with Third Parties

We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following limited circumstances:

6.1 Service Providers and Business Partners

We work with trusted third-party companies and individuals to help operate our website and business. These service providers may access your personal information only to perform services on our behalf and are contractually obligated to protect it. Categories of service providers include:

• Payment processors and financial institutions;
• Food delivery and logistics partners;
• Cloud hosting and data storage providers;
• Email marketing and customer communication platforms;
• Analytics and advertising technology providers;
• Customer relationship management (CRM) software providers;
• IT support and cybersecurity service providers.

6.2 Legal Requirements

We may disclose your personal information if required to do so by law, court order, or government regulation, or when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation or respond to a valid legal process;
• Protect and defend the rights or property of Chuys;
• Prevent or investigate possible wrongdoing in connection with our services;
• Protect the personal safety of users of our services or the public.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6.4 With Your Consent

We may share your personal information with other third parties when we have your explicit consent to do so. You may withdraw your consent at any time by contacting us.

6.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. This data may be shared with advertisers, research partners, or the public for business or marketing purposes.

7. Data Security

We take the security of your personal information seriously. We implement a range of technical, administrative, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, and destruction, including:

7.1 Technical Safeguards

• SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) technology;
• Encrypted Storage: Sensitive data, including passwords and financial information, is stored using strong encryption algorithms;
• Firewalls and Intrusion Detection: Our servers are protected by firewalls and intrusion detection systems to prevent unauthorized access;
• PCI-DSS Compliance: Our payment processing systems comply with Payment Card Industry Data Security Standards;
• Regular Security Testing: We conduct regular vulnerability assessments and penetration testing of our systems.

7.2 Administrative Safeguards

• Access to personal information is restricted to employees and service providers who need it to perform their job functions;
• All staff members who handle personal data receive training on data protection best practices;
• We maintain internal data governance policies and procedures;
• We conduct regular audits and reviews of our data protection practices.

7.3 Data Breach Response

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law, including applicable state data breach notification laws. We will take immediate steps to contain the breach, assess its impact, and mitigate potential harm.

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information and encourage you to take steps to protect yourself, such as using strong, unique passwords and keeping your account credentials confidential.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The following general retention periods apply:

When personal information is no longer required, we securely delete, destroy, or anonymize it in accordance with our data retention schedule and applicable legal requirements.

9. Cookie Usage

We use cookies and similar tracking technologies on our website to enhance your browsing experience, analyze site traffic, and deliver personalized content and advertisements.

9.1 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly, including maintaining your session, shopping cart, and login status;
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting information about page visits, traffic sources, and user behavior (e.g., Google Analytics);
• Functional Cookies: Remember your preferences such as language settings, location, and saved menu items;
• Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns across websites.

9.2 Managing Your Cookie Preferences

You may control cookie settings through your browser settings or through any cookie consent mechanism we present on our website. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to:

• View and delete cookies stored on your device;
• Block future cookies from being set;
• Be notified before a cookie is placed.

For more detailed information about the specific cookies we use, how we use them, and how you can manage your preferences, please refer to our full Cookie Policy available on our website at chuys.rest.

10. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

10.1 Rights for All Users

• Right to Access: You may request a copy of the personal information we hold about you;
• Right to Correction: You may request that we correct inaccurate or incomplete personal information;
• Right to Deletion: You may request that we delete your personal information, subject to certain exceptions;
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time;
• Right to Data Portability: Where technically feasible, you may request a copy of your data in a structured, machine-readable format.

10.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: The right to know what personal information we collect, use, share, and sell;
• Right to Delete: The right to request deletion of your personal information that we have collected, subject to certain exceptions;
• Right to Correct: The right to request correction of inaccurate personal information;
• Right to Opt-Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary compensation, but if we share data for advertising purposes, you may opt out;
• Right to Limit Use of Sensitive Personal Information: The right to restrict how we use certain sensitive personal information;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge different prices, or provide different quality of service based on your exercise of these rights.

To submit a verifiable consumer request under CCPA/CPRA, please contact us at [email protected]. We will respond to verified requests within 45 days, with a possible 45-day extension when necessary.

10.3 Rights Under Other State Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights, including the right to access, correct, delete, and port their personal information, and the right to opt out of targeted advertising and profiling. Please contact us to exercise these rights.

10.4 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us by:

• Email: [email protected]
• Website: chuys.rest

We will verify your identity before processing your request to protect your privacy and security. Verification may involve confirming your email address, account details, or other identifying information.

11. Children's Privacy

We do not knowingly collect personal information from children under the age of 13. Our website and services are not directed to minors. If you are under 18 years of age, you should not use our website or provide any personal information without the consent and supervision of a parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a child under 13, please contact us immediately at [email protected].

We comply with the Children's Online Privacy Protection Act (COPPA) and all applicable laws related to the protection of children's privacy online.

12. International Data Transfers

Chuys is based in the United States and operates primarily within the United States. However, some of our third-party service providers may be located in other countries. If personal information is transferred outside of the United States, we take steps to ensure that appropriate safeguards are in place to protect your information in accordance with applicable law.

By using our website and services, you acknowledge and consent to the transfer of your personal information to the United States and to any other countries where our service providers operate. Please note that privacy laws in these countries may differ from those in your country of residence.

When we transfer personal data internationally, we use recognized legal mechanisms such as contractual clauses and data processing agreements to ensure that your data receives an adequate level of protection.

13. Third-Party Links and Services

Our website may contain links to third-party websites, social media platforms, or services that are not owned or controlled by Chuys. These third-party sites have their own privacy policies, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party website you visit.

We may use third-party services such as Google Analytics, Meta Pixel, or similar tools to analyze user behavior and deliver targeted advertisements. These services may collect information about your online activities across different websites and over time. You can opt out of certain third-party data collection by visiting the applicable opt-out pages:

• Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
• Network Advertising Initiative Opt-Out: networkadvertising.org
• Digital Advertising Alliance Opt-Out: aboutads.info/choices

14. Do Not Track Signals

Some web browsers may transmit "Do Not Track" (DNT) signals to websites. At this time, there is no universally accepted standard for how companies should respond to DNT signals. Our website does not currently respond to DNT signals from web browsers. However, you may manage your cookie preferences and opt out of tracking through the mechanisms described in Section 9 of this policy.

15. Marketing Communications and Opt-Out

With your consent (where required by law), we may send you promotional emails, newsletters, loyalty program updates, and other marketing communications. You can opt out of receiving these communications at any time by:

• Clicking the "Unsubscribe" link included in any marketing email we send you;
• Contacting us directly at [email protected] with the subject line "Unsubscribe";
• Updating your communication preferences in your account settings on our website.

Please note that even if you opt out of marketing communications, we may still send you transactional or administrative messages, such as order confirmations, delivery updates, and important account notices, as these are necessary for providing our services to you.

16. How to File a Complaint

If you have concerns about how we handle your personal information and believe that we have failed to comply with applicable privacy laws, we encourage you to contact us first so we can try to resolve the matter directly:

We will acknowledge your complaint within 5 business days and aim to provide a substantive response within 30 days. If we are unable to resolve your complaint to your satisfaction, you may have the right to file a complaint with the appropriate regulatory authority:

16.1 Federal Trade Commission (FTC)

The FTC is the primary federal agency responsible for consumer protection in the United States, including matters relating to privacy and data security. You may file a complaint with the FTC at:

• Website: ftc.gov/complaint
• Phone: 1-877-382-4357

16.2 State Attorney General Offices

California residents may also file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's office. Residents of other states may file complaints with their respective state Attorney General offices regarding violations of state privacy laws.

• California Attorney General: oag.ca.gov/privacy/ccpa
• California Privacy Protection Agency: cppa.ca.gov

17. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our business practices, applicable laws, or technology. When we make material changes, we will:

• Post the updated Privacy Policy on our website with a revised "Last Updated" date;
• Send an email notification to users who have provided their email address, when required by law or when changes are material;
• Display a prominent notice on our website for a reasonable period following the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after the posting of changes constitutes your acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us using the information below:

We are committed to working with you to resolve any privacy concerns you may have. Our privacy team will respond to your inquiry as promptly as possible, typically within 5–10 business days.