Privacy

PRIVACY POLICY

VERSION 1.0 LAST REVISED ON: 03/26/2020

COMPANY: Gandolfo’s New York Delicatessen and its affiliated entities (“Company”, “us”, “our”, and “we”)

COMPANY ADDRESS:

Attention: Dan Pool

1475 Buford Drive, #403-116

Lawrenceville, GA 30043

Telephone: 770-833-1139

Email: customerservice@gandolfosdeli.com

COMPANY WEBSITE: The website located at www.gandolfosdeli.com (together with any websites on related domains or subdomains, the “Site”).

COMPANY MOBILE APPS: The mobile or online application(s) entitled “Gandolfo’s” (collectively, the “App”).

AGREEMENT

This Privacy Policy (this “Policy”) is a legal agreement between you and your business, if applicable, on the one hand (together, “you” or “your”), and Company (as defined above) on the other hand. This Policy describes how Company may collect, use and share your personal information during your access to or use of (i) any websites or web application provided, published, developed or made available by the Company, including the Site; (ii) any mobile or online applications provided, published, licensed, developed or made available by the Company, including the App; and (iii) any feature, content, software, hardware, services or other products available on or through the Site or the App or otherwise provided by the Company (together with the Site and the App, the “Services”). This Policy shall not apply to Services that post different privacy policies.

  1. WHAT INFORMATION IS COLLECTED. Company may collect, store and use certain information about you and your usage of the Services from time to time (this information is referred to as your “User Information” throughout this Policy). Company is permitted to collect any User Information from or about you or your usage of the Services that is not otherwise prohibited by applicable privacy laws. Some of the User Information that Company collects may include, but is not limited to, the following (except where prohibited by applicable privacy laws):

1.1 Personal Information. Any personally-identifiable information that you provide in connection with any Services, including, without limitation: your name, email address, mailing address, phone number, photograph, birthdate, passport, driver’s license, government-issued identification numbers, and other similar information provided with respect to your business or its employees, officers, representatives or affiliates, and certain historical, contact, and demographic information about you.

1.2 Device Information. Information about your device when you access any Services, including hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with the Services, as well as information about the location of your device when using any Services.

1.3 Payment Information. Information provided in connection with you making, accepting, requesting or recording payments, credits or money transfers through any Services, including: payment card numbers, bank accounts information, when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.

1.4 Tax Information. Information regarding your tax information, including withholding allowances and tax filing status.

1.5 Purchase Information. Information and data about your purchase information and preferences, including products and services purchased, amounts paid, frequency of purchases, location of purchases, and similar information.

1.6 Usage Information. Information and data about how you use the Services, including access time, Services accessed, browser type and language, Internet Protocol (“IP”) address, other applications on your device, webpages and applications viewed and used, time spent on webpages and applications, links clicked, and conversion information (e.g., transactions entered into).

1.7 Aggregated Data. Aggregated data about your or your use of Services, or any other aggregated form of the other types of User Information set forth above. Aggregated data that we collect cannot be specifically associated with you individually, unlike most of the other forms of User Information.

  1. HOW USER INFORMATION IS COLLECTED. When you use any Services, Company uses various technologies to collect certain User Information about you. Some of the ways that Company collects this information are as follows (except where prohibited by applicable privacy laws):

2.1 Information Given By You. You provide some User Information when you register for your account with the Services and as you use the Services.

2.2 Automatic Collection. User Information can be recorded and collected by software or processes that run automatically on your computer or Company’s servers as you use the Services.

2.3 Cookies. User Information may be collected by sending cookies to your device. Cookies are small data files that are stored on your hard drive or in your device memory when you use the Services. Among other things, cookies support the integrity of the Company registration process, retain your preferences and account settings, and help evaluate and compile aggregated statistics about your activity. Company may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by the browser on subsequent uses of the Services. Company may link the information stored in cookies to your User Information submitted while using the Services. You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how the Services are provided.

2.4 Web Beacons. User Information may also be collected by using web beacons. Web beacons are electronic images that may be used in connection with the Services. Company may use web beacons to deliver cookies, track the number of visits to the Services, understand Service usage and effectiveness, and determine whether an email has been opened and acted upon.

2.5 Collection from Third Parties. User Information is also collected from third parties that already have access to certain of your User Information, including third-party verification services, credit bureaus, mailing list providers, and publicly available sources. In some circumstances, where lawful, this information may include your government-issued identification number.

2.6 Collection from Service Providers. Company may also use third-party service providers to collect User Information. These third parties may use cookies, web beacons, and other technologies to collect User

Information. This Privacy Policy does not apply to, and Company is not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. Company continually evaluates analytics services to use in addition its own, and Company may update this policy in the future to reflect Company’s ongoing use of said services.

  1. HOW COLLECTED USER INFORMATION IS USED. Company may use, publish, store, duplicate, manipulate and share User Information in any way not otherwise prohibited by applicable privacy laws. Specific ways that Company may use User Information include, but are not limited to, the following (except where prohibited by applicable privacy laws):

3.1 Providing, Improving and Using the Services. User Information is stored and used so that you can verify your identify in connection with creating and accessing your account with the Services, and to deliver, operate, provide, maintain, enhance, personalize, tailor and facilitate your use of the Services. User Information is also used to develop new products and Services, provide optimization, statistical analysis, and improvements for existing Services, and to improve web design and functionality.

3.2 Communication Purposes. User Information is used to deliver technical notices, security alerts, support messages, administrative notices and alerts, and communications relevant to your use of the Service, as well as to inform you about software compatibility issues, send news or information, conduct surveys and collect feedback. User Information is also used to communicate with you about products, services, contests, promotions, discounts, incentives, gift cards, loyalty programs, and rewards, based on your communication preferences and applicable privacy laws.

3.3 Facilitate Payments. Using and storing your User Information is also necessary for us to be able to process or record payment transactions or money transfers.

3.4 Track and Display Consumer Behavior. User Information is stored so that the Services can track historical transactions, payments, invoices, receipts and past order information. User Information is also used to display current, ongoing, pending or requested transactions or orders.

3.5 Legal Compliance. User Information is stored so that we can comply with applicable laws and regulations, including the privacy laws and anti-money laundering laws.

3.6 Aggregated Data Collection. User Information is collected and aggregated to monitor aggregate usage and web traffic routing of all users of the Services, as well as to generate aggregated statistics about purchasing behavior of different demographics and populations.

3.7 Dispute Resolution; Contract Enforcement. User Information may be used to resolve disputes; collect fees; provide assistance with problems with Services; protect Company rights or property or the security or integrity of the Services; enforce the Terms of Use and other terms and conditions that govern use of the Services; and investigate, detect and prevent fraud, security breaches, and other potentially prohibited or illegal activities.

  1. HOW COLLECTED USER INFORMATION IS SHARED. Company may share User Information in any way not otherwise prohibited by applicable privacy laws. Specific ways that Company may share your User Information include, but are not limited to, the following (except where prohibited by applicable privacy laws):

4.1 With Consent. User Information may be shared with other parties with your consent, such as for marketing uses that you authorize or consent to.

4.2 Facilitate Third Party Services. User Information may be also shared with trusted third-party service providers without your consent who provide services and functions necessary to the delivery and performance of the Services, such as anonymous site metrics, analytics services, payment processing, point of sale

services, task management services, delivery of loyalty programs, management of gift cards, creation and delivery of promotional materials, product support and maintenance, order fulfillment and shipment/delivery of products and Services to users, and other features or services included in or necessary for the Services.

4.3 Delivery of Targeted Services and Ads. User Information may also be shared or licensed to third-parties without your consent to deliver targeted and non-targeted third-party content and advertisements in connection with the Services as well as un-related services, websites and applications.

4.4 For Legal and Safety Purposes. Company may share User Information for legal, protection, and safety purposes, such as to comply with laws, respond to lawful requests and legal processes, protect the rights and property of Company against competitors or claimants, and enforce our agreements, policies, and terms of use.

4.5 Sale of User Information. User Information may be sold, transferred or assigned to third-parties without your consent for their own uses, subject to applicable privacy laws.

  1. HOW COLLECTED USER INFORMATION IS PROTECTED.

5.1 Protective Measures. Company takes commercially reasonable measures, including administrative, technical, and physical safeguards, to (i) protect User Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, (ii) ensure the security, confidentiality, and integrity of the User Information, (iii) protect against any anticipated threats or hazards to the security or integrity of the User Information, (iv) protect against unauthorized access to, or unauthorized use or disclosure of, the User Information, and (v) take such security measures required by any applicable privacy laws.

5.2 Third Party Partners and Employees. Company may itself, or it may use third-party service providers to, hold, process and store User Information, including in the United States, Japan, the European Union and other countries. Company restricts access to User Information to those employees, contractors, and agents who need to know that information for purposes of performing their obligations to Company or to you, and who are subject to contractual confidentiality obligations, and who may be disciplined or terminated if they fail to meet these obligations. Company third-party service providers store and transmit User Information in compliance with appropriate confidentiality and security measures.

5.3 Security Breach. Company cannot guarantee that unauthorized third parties will never be able to defeat Company security measures or use User Information for improper purposes. In the event that any User Information in Company’s possession or under Company’s control is compromised as a result of a security breach, Company shall give prompt notice to you, with full particulars, and shall immediately commence a thorough investigation of any such incident. Company will not be liable for any damages, claims, liability, or causes of action that arise as a result of any such security breach or for failure to give prompt notice thereof.

  1. CONTACT INFORMATION; CHOICES AND CHANGES.

6.1 Changes to This Policy. This Policy is subject to occasional revision, and if we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on the Site or through your account. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to this Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our Site. These changes will be effective immediately for new users of the Services. Continued use of

the Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the updated Policy.

6.2 Contact Information and Choices. You may send requests about personal information to the Company’s address set forth above. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.