At Daily Sushi, ITPL (CAVS Food Pvt. Ltd. Under Franchise agreement with BUZA Foods Pvt. Ltd.) we are committed to protecting your privacy. This Privacy Policy explains what personal information we collect when you use our website or services, how we use and share that information, and your rights regarding your data. By using our website, you agree to the practices described in this Privacy Policy.
We limit the personal information we collect to what is necessary to provide our services. We do not plan to collect any new or additional personal information beyond what is described here. The types of information we collect include:
Information You Provide Directly When you contact us via phone or WhatsApp to make reservations or inquiries, you may provide personal details such as your name, phone number, and any information you choose to share. We use this information solely to handle your reservation or query and related services. (We currently do not collect personal data through online order forms or account sign-ups on our site, and have no plans to introduce such features in the near future.)
Order Information via Third-Party Services If you place delivery orders through third-party platforms like Zomato or Swiggy, those services collect your order and contact details to process the transaction. We may receive certain information from them (e.g. your name, delivery address, phone number, and order details) to fulfill your order. Please note that this information is initially collected by Zomato/Swiggy under their own privacy policies, and we only use it to prepare and deliver your order or address any issues with the order.
Automatically Collected Data (Cookies and Usage Data) When you visit our website, we use cookies and similar tracking technologies to automatically collect certain information about your device and browsing activities. This may include your IP address, browser type, pages viewed, date/time of visits, and referring page. We utilize third-party analytics and advertising tools (described below) that gather this usage data to help us understand how our site is used and to serve relevant advertisements. This data is generally collected in aggregate form and does not directly identify you by name. However, it may be considered personal data under some laws since it can be linked to a unique identifier (like a cookie ID or IP address).
We use the collected information for the following purposes:
To Provide Services We use the personal details you provide (via phone/WhatsApp or via order platforms) to confirm and manage your table reservations, respond to inquiries, and ensure that your orders are prepared and delivered correctly.
Fulfillment of Orders Information received from Zomato/Swiggy is used to process your food delivery orders – for example, to prepare the right items and have them delivered to the correct address. We may also use your contact number to communicate with you about the status of your order or for any issues related to the delivery.
Communication We may use your phone number or WhatsApp contact to communicate with you regarding your reservation or order (e.g., sending confirmation, updates, or responding to your messages). We will not use these channels to send marketing/promotional messages unless explicitly requested or consented by you.
Analytics and Website Improvement: We use usage data (via cookies) to analyze how visitors use our website, which pages are popular, and how users navigate the site. This helps us improve the website’s design, content, and user experience. For example, we use Google Analytics to gather insights into website traffic and interactions, allowing us to make informed decisions about improvements
Advertising and Marketing We use certain tracking technologies to deliver personalized advertisements and measure the effectiveness of our advertising campaigns. For instance, we use Google Ads and Facebook Pixel to show ads to our visitors on other platforms and to reach people who have previously visited our site with relevant promotions. These tools help us remind you of our products/services through ads and understand ad campaign performance (e.g., whether an ad resulted in an order or reservation).
Any advertising or retargeting we conduct is done in compliance with applicable policies – for example, Google’s requirements for remarketing, which mandate that we inform you about such activities in this policy
Compliance and Legal Obligations We may process and retain personal information to comply with legal requirements and regulations, or to respond to lawful requests by public authorities. Additionally, if necessary, we may use or disclose information to protect our rights, privacy, safety, or property, and/or that of our customers or others – for example, to prevent fraud or to enforce our terms and conditions.
We will only use your personal information for the purposes described above. If we need to use your data for any other purpose, we will update this Privacy Policy and, if required by law, seek your consent.
Our website uses cookies and similar technologies to enhance user experience, conduct analytics, and support our advertising programs. When you visit our site, small data files called cookies may be placed on your browser. These cookies and related technologies (like pixels or tags) allow us and our partners to recognize your device and collect information as described in the prior sections.
Cookies on our site may be used for
Essential Functions Some cookies are necessary for the website to function properly (e.g., to load core site features). These are typically session cookies and are not used for tracking. Analytics: We use Google Analytics to collect information about how visitors use our site. Google Analytics uses first-party cookies to gather data such as pages visited, time spent on site, interactions with features, and referring websites. This information is aggregated and anonymized (Google Analytics may anonymize IP addresses) and helps us analyze website traffic and user behavior
We use these insights to improve content and navigation. (Google Analytics data is managed by Google under their own privacy policy. If you wish, you can opt out of Google Analytics – see the “Your Choices” section below for how to do this.)
Advertising & Remarketing: Our site participates in online advertising networks that use cookies and similar technologies to deliver ads. In particular, we use Google Ads (including Remarketing and Conversion Tracking) and Facebook Pixel on our website: Google Ads Remarketing: We use Google’s remarketing and “similar audiences” features to show ads for our restaurant on other websites you visit after browsing our site. In practice, this means third-party vendors, including Google, may display our ads across the Internet on sites that you visit These vendors use cookies (such as the Google Ads cookie or DoubleClick cookie) on our site to track your visit and then to serve ads based on your past visits to our site.
For example, if you visited our menu page, you might later see an ad for our restaurant while reading news online. Google Ads Conversion Tracking also uses cookies to help us measure the effectiveness of our Google Ads – for instance, it lets us know if someone who clicked one of our ads later took a specific action on our website. These cookies do not reveal personally identifiable information to us; they simply allow us to identify that an anonymous visitor (identified by a cookie ID) saw our ad and revisited the site or completed an action. Facebook Pixel: We have installed the Facebook Pixel on our site, which is a small piece of code provided by Facebook. This pixel collects data about your actions on our site (e.g., clicking on certain pages or buttons) and sends it to Facebook. We use this data to build audiences for our Facebook ads and to measure ad performance. In other words, the Facebook Pixel helps us show you relevant ads on Facebook/Instagram (if you have a Facebook account) based on your interaction with our site, and it tells us if our Facebook ads are leading to visits or orders on our website .
The data collected via the Facebook Pixel may include information such as your IP address, browser type, pages visited, and possibly identifiers associated with your Facebook account (if you are logged into Facebook while browsing our site). This information is handled by Facebook in accordance with Facebook’s data policy, which allows them to use the data for ad targeting and providing aggregated reports to us. (If you wish to opt out of Facebook Pixel tracking, please see the “Your Choices” section below.) Other Third-Party Cookies: Besides Google and Facebook, we currently do not use other third-party advertising networks on our site. We also do not directly display third-party content like embedded videos, maps, or social media widgets that set their own cookies. If this changes in the future, we will update this policy accordingly. Your Choices (Opt-Out Options): Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Note that blocking all cookies might impact some functionality of our site. If you would like to opt out of specific types of data collection, here are some options: Google Analytics: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. This prevents Google Analytics scripts from running on websites you visit.
Google Ads Personalization: You can opt out of Google’s use of cookies for personalized advertising by visiting Google’s Ads Settings page and adjusting your preferences. Google also adheres to the Network Advertising Initiative (NAI) Code of Conduct, and you can opt out of interest-based advertising from Google and other participating companies via the NAI’s opt-out page These opt-outs typically work via cookies, so if you clear your cookies you may need to opt out again.
Facebook Ads: To opt out of Facebook (and Instagram) targeted ads based on the Facebook Pixel, you can adjust your ad preferences in your Facebook user settings. Under Facebook Settings > Ads > Ad Settings, you can disable ads based on data from partners (which includes data from sites like ours). Facebook is also a participant of the Digital Advertising Alliance (DAA); you can visit the DAA’s Consumer Choices page to globally opt out of interest-based ads from participating companies.
Do Not Track Some browsers offer a “Do Not Track” (DNT) signal. Currently, our site does not respond to DNT signals because of the third-party integrations we use (Google and Facebook) which do not honor DNT. We recommend using the opt-out methods described above for more effective control.
How We Share and Disclose Information
We understand the importance of keeping your personal information private. We do not sell your personal information to third parties.
We only share or disclose information in the following circumstances
With Service Providers: We may share your information with trusted third-party service providers who perform functions on our behalf. This includes sharing relevant details with our staff and partners to confirm your reservations or prepare your orders. For example, our restaurant staff will have access to reservation details and order information needed to serve you. We may also use third-party vendors for services such as website hosting or IT support; these vendors might have incidental access to data in the course of providing their services, but they are bound by confidentiality and only process data as instructed by us.
With Delivery and Order Partners: As noted, if you place an order through Zomato or Swiggy, those platforms handle the payment and order processing. They then share with us the information necessary to fulfill your order. We use that data internally (e.g., in our kitchen and delivery team) to complete the delivery. We might also update those platforms with the order status (like marking an order as completed). We do not share your personal information from orders with any external party other than the platform through which you ordered.
With Analytics and Advertising Partners: Data collected through Google Analytics, Google Ads cookies, and Facebook Pixel is shared with Google and Facebook respectively, because those platforms set the tracking technologies on our site and process the data for the purposes described above. For example, Google may receive certain info about your visit via Google Analytics and Ads cookies, and Facebook receives data through the Facebook Pixel integration. These companies act as independent data controllers for the information they collect (under their own privacy policies), but we ensure that our use of their services is in line with their terms and privacy requirements. We do not receive personal identifiers like your name from these tools – only aggregated reports or cookie identifiers. (See Cookies and Tracking above for more details on what is collected and how it’s used.)
For Legal Reasons: We may disclose information about you if required to do so by law or legal process (for example, in response to a valid court order, subpoena, or government request). We may also disclose information if we believe, in good faith, that such disclosure is necessary to investigate or protect against harmful activities against our guests, associates, or property (including this site), or to enforce our policies, or to respond to an emergency.
Business Transfers: In the unlikely event that our business undergoes a major transaction such as a merger, acquisition, restructuring, or sale of assets, personal information in our possession may be part of the transferred assets. We will ensure that the new owner, if any, understands that they must honor the commitments we have made in this Privacy Policy, and we will provide notice to users if their personal data is to be handled under a different privacy policy as a result of such a transaction.
Other than the situations above, we will not share your personal data with third parties unless we have your explicit consent to do so. For instance, we will not give or sell your phone number to outside marketers, and we do not share customer lists with unrelated parties.
We are based in India, and that is where our restaurant operations and primary website servers are located. However, the personal data we collect may be transferred to and processed in other countries. For example, the third-party services we use (Google Analytics, Google Ads, Facebook) may store or process data on servers located in the United States or other countries. Similarly, if you are accessing our site from outside India, your information will travel across borders to reach our servers in India or to reach the third-party services we utilize. Different countries have different data protection laws. Some may not provide the same level of legal protection for your personal information as your home country. We want to assure you that, regardless of where your data is processed, we take steps to protect it in line with this Privacy Policy. When we transfer data internationally, we do so in compliance with applicable legal requirements. This may include, for example, relying on adequacy determinations (if the destination country is deemed to have adequate data protection by relevant authorities) or implementing standard contractual clauses and other safeguards for transfers of personal data from regions like the European Economic Area (EEA). By using our site or providing us information, you consent to the transfer of your personal information across international borders as described here. If you are an EU/EEA visitor, please note that Google and Facebook are U.S.-based companies, and data shared with these services (usage data, cookies) will likely be transmitted to servers in the United States. Both Google and Facebook have committed to protecting personal data in accordance with EU standards through measures like standard contractual clauses. If you have questions about international transfer of your data, feel free to contact us using the information in the Contact Us section.
We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. For instance, if you share personal details with us to make a reservation or inquiry, we may retain that information until your reservation is completed (and for a short while after, in case of any follow-up needs or recurring visits). We typically do not maintain long-term records of reservation inquiries unless required for business records.
For order information received via Zomato/Swiggy, we will retain order details as part of our sales records. These may be kept for a longer period (e.g., a few years) as required by taxation or business laws, but access to personal elements (like your contact details) is restricted to authorized personnel only.
Analytics data collected via Google Analytics is retained per Google’s default settings or our configuration. Currently, we use analytics primarily in aggregate form; however, Google Analytics allows setting a retention period (e.g., 14 months or longer) for user-level data. We have configured our Google Analytics to retain data for 12 months after which it is deleted automatically by Google.
Advertising cookies used for Google Ads/Facebook Pixel may remain on your browser until they expire or are deleted by you. For example, the cookie used by Google Ads might have a typical duration of 30-90 days (or up to 540 days for certain remarketing cookies), and Facebook cookies/pixel identifiers may persist for a similar period. We do not control the lifespan of third-party cookies; however, you can clear these cookies any time via your browser settings.
If you contact us with a privacy request or question, we will retain our correspondence and any associated information for our records (to demonstrate compliance with legal requirements or to effectively address your concerns), consistent with applicable law.
When we no longer have a lawful reason or business need to keep your personal data, we will securely delete or anonymize it. If deletion is not immediately feasible (for example, because the data is stored in backup archives), we will isolate it and protect it from further processing until deletion is possible.
We take reasonable measures to protect the security of your personal information. These measures include administrative, technical, and physical safeguards appropriate to the volume and sensitivity of data we handle. For example, we restrict access to personal data on a need-to-know basis for our employees and service providers, and our computers/servers are protected by standard security practices (such as firewalls, encryption for sensitive data, and secure networks). While we strive to use commercially acceptable means to protect your personal information, no website, server, or data transmission is 100% secure. Therefore, we cannot guarantee absolute security of information. You are also responsible for maintaining the security of any personal devices or accounts you use to communicate with us (for instance, protecting your WhatsApp account or email from unauthorized access). If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect that the privacy of any information you shared has been compromised), please contact us immediately so we can address the issue.
Depending on your jurisdiction or where you reside, you may have certain legal rights with respect to your personal information. We are committed to honoring these rights and have outlined key rights below. This includes rights under the General Data Protection Regulation (GDPR) for individuals in the European Union/EEA (and equivalent rights under UK data protection law), as well as rights under the California Consumer Privacy Act (CCPA) (as amended by the CPRA) for California residents. We also extend similar principles of transparency and control to all our users, even if local laws do not mandate them. Rights of Individuals in the EU/EEA (GDPR) If you are located in the European Union, European Economic Area, or another jurisdiction with similar data protection laws, you have the following rights regarding your personal data: Right to Be Informed: You have the right to be informed about the collection and use of your personal data.
This Privacy Policy is one way we meet this right by explaining what data we collect and why.
Right of Access: You can request a copy of the personal data we hold about you and information on how we process it.
This allows you to confirm whether we’re processing your data and to check its lawfulness.
Right to Rectification: If any of your personal information that we have is incorrect or incomplete, you have the right to request that we correct or update it.
Right to Erasure (Right to Be Forgotten): You can ask us to delete your personal data in certain circumstances.
for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (where applicable) and no other legal ground for processing applies. We will honor such requests to the extent required by law and will inform you of the outcome. Right to Restrict Processing: You have the right to request that we limit the processing of your personal data (i.e., store it but not use it) in certain situations
This might apply if you contest the accuracy of the data or object to us processing it, for instance. When processing is restricted, we will still store your information but not use it further until the restriction is lifted (except for certain exempt purposes such as legal claims). Right to Data Portability: Under certain conditions, you have the right to obtain the personal data you provided to us in a structured, commonly used and machine-readable format, and to transfer that data to another controller
For example, if you provided us with certain contact details and you want to reuse them elsewhere, we will supply you with a copy in a portable format.
Right to Object: You have the right to object to our processing of your personal information when such processing is based on our legitimate interests or for direct marketing purposes
For instance, you can object to the use of your data for marketing/advertising profiling. If you lodge an objection, we will review our processing and, unless we have compelling legitimate grounds to continue, we will stop processing the personal data you objected to.
Specifically, you can always object to direct marketing – if you tell us you don’t want to receive marketing messages or to have your data used for targeted advertising, we will honor that request.
Right Not to be Subject to Automated Decisions: We do not currently make decisions based solely on automated processing (including profiling) that have legal or similarly significant effects on individuals. If in future we did so, you would have the right not to be subject to such decisions without human intervention.
Right to Withdraw Consent: In cases where we rely on your consent to process personal data (for example, if we ever ask for consent to send marketing communications), you have the right to withdraw that consent at any time
Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal, and it won’t affect processing under other lawful bases. If you withdraw consent, we will stop the specific processing that was based on consent (e.g., stop sending the newsletter you signed up for).
Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to complain to a supervisory authority in the EU. For example, if you are in the EU, you can contact the data protection authority in your country of residence or where the alleged infringement occurred. We would, however, appreciate the chance to address your concerns directly before you do this – so please feel free to contact us first, and we will do our best to resolve the issue.
Legal Basis for Processing (GDPR): The GDPR requires us to mention the legal bases on which we process your personal data. We generally rely on one or more of the following bases: Contractual Necessity – e.g., when processing your data to manage a reservation or order you requested; Legitimate Interests – e.g., using cookies for analytics and marketing is based on our legitimate interest in improving our services and promoting our business (we balance this against your privacy rights and provide opt-outs as described).
Legal Obligation – if we need to retain or disclose data to comply with a law; and Consent – for cases where we explicitly ask your consent (such as certain cookie uses in jurisdictions that require it, or future email marketing subscriptions). We will make sure to obtain consent when required by law (for instance, showing you a cookie consent banner if you are in the EU, per the ePrivacy Directive/Cookie Law.
If you ever have questions about the specific legal basis for a particular processing activity, please contact us.
If you are a resident of California, you are entitled to specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights (detailed in Cal. Civ. Code § 1798.100 et seq.) include: Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you in the last 12 months, the categories of sources of that information, the purpose for collecting it, and the categories of third parties with whom we shared it. Upon verifiable request, we will provide this information to you for the 12-month period preceding your request.
Right to Delete: You have the right to request that we delete any personal information we have collected from you (subject to certain exceptions) .
Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies (for example, if we need to keep information to complete a transaction you requested, for security, to comply with a legal obligation, etc.). We will inform you of any such exceptions in our response.
Right to Opt-Out of Sale/Sharing: The CCPA gives you the right to opt out of the sale of your personal information to third parties
It’s important to note that we do not sell personal information to third parties for monetary value, and we also do not share your personal information for cross-context behavioral advertising in a manner that would be considered a “sale” or “sharing” under CCPA definitions (for instance, we don’t exchange your data with third parties for their own marketing). Because we do not sell or share personal data in this way, we do not provide a “Do Not Sell or Share My Personal Information” link on our website. If this changes in the future, we will update our Privacy Policy and website to include such an option.
Right to Correct: (Effective January 2023 under CPRA) You have the right to request correction of inaccurate personal information we hold about you. If you identify information that is incorrect, please let us know and upon verification, we will correct it as required.
Right to Limit Use of Sensitive Personal Information: We do not collect or process “sensitive personal information” as defined under CPRA (such as precise geolocation, social security numbers, financial account passwords, etc.) beyond what is necessary to provide our services (for example, a phone number might be considered sensitive under CPRA). If in future we collect sensitive information for additional purposes, California residents would have the right to limit our use of such information to only what is necessary to perform the services or provide the goods.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
This means we will not deny you services, charge you a different price, or provide a different level of quality of service just because you exercised your rights under CCPA. For example, if you ask us to delete your data or opt out of data sharing, we will not treat you unfairly or deny you services as a result. The CCPA allows businesses to offer certain financial incentives for collecting personal data (such as discounts or loyalty programs), but we currently do not offer such programs. If we ever do, we will provide you with appropriate notice and details, and participation would be optional and with your consent.
Submitting CCPA Requests: If you are a California resident and wish to exercise your Right to Know, Right to Delete, or any other rights, you may contact us using the information in the Contact Us section below. Please include “CCPA Request” in your communication and describe the nature of your request. We will take steps to verify your identity (for instance, by asking you to provide information matching our records) before processing the request, as required by law. You may also designate an authorized agent to make a request on your behalf; if you do so, we will need proof of the agent’s authorization and may still verify your identity directly. We aim to respond to verifiable consumer requests within 45 days as mandated (and may extend once for an additional 45 days with notice if needed). Categories of Personal Information Collected (CPRA Compliance): For transparency, here are the general categories of personal information we have collected in the past 12 months, as defined by California law, and to whom we have disclosed such information for a business purpose (we do not sell these): Identifiers: e.g., name, phone number, WhatsApp ID, device IP address. Sources: Provided by you (phone/WhatsApp), or collected via your device (IP). Business Purpose: Reservations, orders, communication, analytics, advertising. Disclosed to: Service providers (e.g. staff, delivery platforms), analytics/advertising partners (Google, Facebook – via cookies).
Customer Records Information: e.g., delivery address or order details (if you order via third-party). Sources: You (via Zomato/Swiggy which passes it to us). Business Purpose: Fulfilling food orders. Disclosed to: Service providers (delivery personnel).
Internet or Network Activity: e.g., browsing history on our site, interactions with our site, cookie IDs. Sources: Collected automatically via cookies/pixels on our site. Business Purpose: Site analytics, ad targeting. Disclosed to: Analytics/advertising partners (Google, Facebook) through their tracking scripts.
Geolocation Data: (general location such as city, inferred from IP). Sources: Your device/IP and third-party analytics. Business Purpose: Understanding site usage demographics (e.g., what regions visitors come from). Disclosed to: Google Analytics (as part of usage data). Sensitive Personal Information: We do not actively collect sensitive data like financial info, government IDs, or precise geo-location via our site. The only potential piece might be if a phone number is considered “sensitive” under CPRA. We use phone numbers solely for customer-initiated communication and do not use or disclose them for any purpose outside of providing service (no unauthorized use).
We provide this detail to comply with CPRA’s transparency requirements. For more details or specific inquiries, please contact us. Note for Non-California US Residents: Even if you are not in California, we strive to respect similar rights. If you are in a U.S. state with a privacy law (e.g., Virginia, Colorado) that grants you certain rights, please reach out to us — we will honor valid requests to the extent applicable privacy laws require.
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old (or under the applicable age of consent in your jurisdiction, if higher). Children should not use our website or services to provide personal information. If you are a minor between 13 and 18, you should only use our site under the supervision of a parent or guardian and with their consent. If we learn that we have inadvertently collected personal data from a child under 13 (for instance, if a child sends us a message or order), we will take prompt steps to delete that information from our records, unless we are legally obligated to retain it. If you believe that a child under 13 may have provided us personal information, please contact us immediately so we can investigate and address the issue.
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will modify the “Effective Date” at the top of this policy. For any significant changes, we will provide a more prominent notice (such as a banner on our website or a direct notification, if appropriate). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any updates to this Privacy Policy constitutes acceptance of the changes, to the extent permitted by law. If we seek to use your personal information for a new purpose not originally disclosed, we will endeavor to notify you and, if required, seek your consent.
If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise any of your rights as described above, please contact us at: Daily Sushi ITPL