Privacy Policy

Effective Date: May 18, 2026 · Last Updated: May 18, 2026

Capriciano Restaurant Group LLC, doing business as Capriciano Osteria (“Capriciano,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy (the “Policy”) describes the categories of personal information we collect, how we use and disclose it, and the rights you have if you are a California resident. It applies to visitors of https://capriciano.com (the “Site”), guests who make reservations, purchase gift cards, attend private events, or otherwise interact with our business in person, by telephone, by email, or through third‑party platforms acting on our behalf.

This Policy is intended to satisfy our obligations under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), Cal. Civ. Code §1798.100 et seq., and other applicable U.S. state and federal privacy laws. It does not address rights under the EU General Data Protection Regulation; our Site is directed to guests in the United States.

Notice at Collection (Summary)

• What we collect: identifiers, contact and reservation details, commercial information (gift card and event purchases), internet/device activity, and inferences drawn from these categories. We do not knowingly collect sensitive personal information beyond what a guest voluntarily shares (e.g., dietary or allergen information).
• Why we collect it: to manage reservations and events, process payments through our processor, communicate with guests, improve our Site and menu, comply with law, and protect against fraud.
• How long we keep it: see Retention below. Most reservation and guest contact records are retained for thirty‑six (36) months following your last interaction with us.
• Do we sell or share for cross‑context behavioral advertising? No. We do not sell personal information for money, and we do not share personal information with third parties for cross‑context behavioral advertising as those terms are defined by the CCPA.
• Your rights: California residents have the rights described in Section 6 below and may contact us at hi@capriciano.com or (707) 800‑7904 to exercise them.

1. Who We Are

Capriciano Restaurant Group LLC is a California limited liability company operating Capriciano Osteria at 505 Mendocino Avenue, Santa Rosa, California 95401. For purposes of the CCPA, we act as a “business.” The vendors and service providers that handle personal information on our behalf are described in Section 4.

2. Categories of Personal Information We Collect

In the preceding twelve (12) months we have collected, and may continue to collect, the following categories of personal information about California consumers (categories below mirror Cal. Civ. Code §1798.140(v)(1)(A)–(K)):

• (A) Identifiers — name, postal address, telephone number, email address, IP address, online identifiers stored in cookies, account identifiers assigned by reservation platforms.
• (B) Customer records information (Cal. Civ. Code §1798.80(e)) — signature, credit or debit card information collected on our behalf by our payment processor, billing information for private events.
• (C) Protected classifications — we do not intentionally collect race, ancestry, national origin, religion, gender, marital status, medical condition, disability, or other protected classifications. A guest may volunteer such information (for example, when sharing a dietary restriction or requesting an accessibility accommodation); we treat any volunteered information confidentially and use it only to fulfill the request.
• (D) Commercial information — records of gift card purchases, private event deposits, takeout or catering orders, and consumption history at the table when a check is linked to your reservation.
• (E) Biometric information — none.
• (F) Internet or other electronic network activity — browser type, operating system, device identifiers, pages viewed on the Site, referring URL, approximate location derived from IP address, interactions with embedded content (such as our OpenTable widget and any embedded map).
• (G) Geolocation data — approximate (city/region) only, derived from IP address. We do not collect precise geolocation.
• (H) Sensory data — security camera footage of the public areas of the restaurant (entrance, dining room, bar, exterior), retained for a limited period for safety and loss‑prevention purposes.
• (I) Professional or employment‑related information — only when submitted in response to an employment inquiry or a private‑event vendor request. Employment‑applicant information is governed by a separate notice provided at the point of application.
• (J) Education information — none.
• (K) Inferences — preferences, repeat‑visit patterns, and likely dining occasion (e.g., anniversary) drawn from the categories above to personalize service.

Sensitive personal information. We do not collect sensitive personal information for the purposes of inferring characteristics about a consumer, and we do not use it for any purpose other than those permitted by Cal. Civ. Code §1798.121(a). You therefore have no need to exercise the right to limit use of sensitive personal information against us; if you nevertheless wish to submit a request, we will honor it.

3. Sources of Personal Information

• Directly from you when you make a reservation, contact us, purchase a gift card, plan a private event, dine with us, or sign up for marketing.
• From reservation platforms acting on our behalf, including OpenTable.
• From our payment processor, Toast, which transmits transaction data and the last four digits of your payment card.
• From our website analytics, hosting, and security providers (see Section 9).
• From publicly available sources, such as reviews you choose to publish on third‑party review platforms.

4. Business and Commercial Purposes for Collection

We collect and process personal information for the following business purposes, as defined in Cal. Civ. Code §1798.140(e):

• Booking, confirming, modifying, and honoring reservations and private events.
• Processing payments, refunds, deposits, and gift card transactions.
• Responding to inquiries, accommodation requests, and complaints.
• Sending transactional communications (confirmations, reminders, post‑visit follow‑up).
• Sending marketing communications to guests who have opted in, and allowing those guests to opt out at any time.
• Improving the Site, menu, and guest experience.
• Detecting and preventing fraud, security incidents, and unauthorized access.
• Maintaining accounting, tax, and audit records.
• Complying with legal obligations and responding to lawful requests from public authorities.
• Defending and asserting legal claims.

5. Categories of Recipients (How We Share Personal Information)

We disclose personal information only as follows:

• Service providers acting on our behalf, under contracts that restrict their use of personal information to the services they perform for us:
  • Reservation platform: OpenTable, Inc.
  • Payment processor: Toast.
  • Web hosting: Hostinger International Ltd.
  • Email marketing platform: we do not currently use an email marketing platform.
  • Website analytics: Google Analytics 4 (will be enabled when our SEO tooling is deployed).
  • Accessibility tooling: Readabler accessibility widget vendor.
• Professional advisors — accountants, attorneys, insurers — for purposes consistent with this Policy.
• Government authorities — when we are legally compelled by subpoena, court order, or other lawful process, or when disclosure is necessary to protect our rights, the safety of guests or staff, or the public.
• Successor entities — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets. We will require any successor to honor this Policy with respect to information collected before the transition.

6. California Consumer Rights

If you are a California resident, you have the following rights under the CCPA:

• Right to know. You may request that we disclose the categories of personal information we have collected about you, the categories of sources, our business purposes, the categories of third parties to whom we disclose it, and the specific pieces of personal information we have collected.
• Right to access in a portable format. Where technically feasible, we will provide your information in a structured, commonly used, machine‑readable format.
• Right to delete. You may request that we delete personal information we have collected from you, subject to exceptions in Cal. Civ. Code §1798.105(d) (for example, completing a transaction, detecting fraud, complying with a legal obligation, or maintaining limited records required by tax or accounting law).
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell or share personal information for cross‑context behavioral advertising. If our practices change, we will update this Policy and provide an opt‑out mechanism before doing so.
• Right to limit use of sensitive personal information. See Section 2 above; we do not use sensitive personal information except for purposes permitted by Cal. Civ. Code §1798.121(a).
• Right to non‑discrimination. We will not deny goods or services, charge different prices, or provide a different level of service because you exercised any right under the CCPA.

How to exercise your rights

• Email: hi@capriciano.com with the subject line “California Privacy Request.”
• Telephone: (707) 800‑7904.
• Mail: Capriciano Osteria, Attn: Privacy Requests, 505 Mendocino Avenue, Santa Rosa, CA 95401.

Verification of your request

Because we want to protect personal information from unauthorized disclosure, we must verify that you are the person whose information is the subject of the request. We will ask you to provide at least two pieces of information we already have on file (for example, the email address and approximate date of a recent reservation), and if the request is for specific pieces of personal information we may ask you to sign a declaration under penalty of perjury attesting that you are the consumer. We will not use any information you provide for verification for any purpose other than verification, and we will delete it as soon as practicable.

Authorized agents

You may designate an authorized agent to make a CCPA request on your behalf. The agent must submit written authorization signed by you, and we may require you to verify your identity directly with us or confirm that you provided the agent with permission. We will not act on requests from agents who cannot provide proof of authorization.

Response timing

We will confirm receipt of a verifiable consumer request within ten (10) business days and respond on the merits within forty‑five (45) calendar days. If we need additional time, we may extend the response period by up to an additional forty‑five (45) days and will notify you in writing of the extension and the reason.

Appeal

If we deny your request in whole or in part, our response will explain why and how you may submit a complaint to the California Privacy Protection Agency at cppa.ca.gov or the California Attorney General at oag.ca.gov.

7. Retention

We retain personal information only as long as reasonably necessary for the purposes for which it was collected and to comply with law. Our standard retention periods are:

• Reservation and guest contact data — thirty‑six (36) months from your last visit or interaction, after which records are deleted or de‑identified.
• Gift card records — for the life of the card plus seven (7) years for accounting purposes.
• Private event contracts and invoices — seven (7) years for tax, accounting, and dispute‑resolution purposes.
• Marketing list data — until you opt out, after which we suppress your address on a permanent “do not contact” list.
• Security camera footage — approximately thirty (30) days on a rolling basis, unless retained longer in connection with an active investigation or claim.
• Website analytics — as configured by the analytics provider, typically fourteen (14) to twenty‑six (26) months.

8. Marketing Communications

We send marketing email only to guests who have opted in. Every marketing email contains an unsubscribe link, which we honor within ten (10) business days as required by the federal CAN‑SPAM Act, 15 U.S.C. §7701 et seq. We do not send marketing SMS. Transactional messages related to your reservation (such as confirmation or modification notices) may be sent through our reservation provider

9. Cookies, Analytics, and Online Tracking

We use cookies, web beacons, and similar technologies on the Site to operate the Site, remember your preferences, and understand how the Site is used.

• Strictly necessary cookies — required to load the Site, secure your session, and remember basic preferences.
• Functional cookies — remember preferences such as language or accessibility settings.
• Analytics cookies — Google Analytics 4 (will be enabled when our SEO tooling is deployed), used to count visits, identify popular pages, and improve the Site. Information is aggregated and is not used to identify individual visitors.
• Third‑party widgets — the OpenTable reservation widget and any embedded map or social plug‑in may set their own cookies governed by the providers’ own privacy policies.

You may disable or delete cookies through your browser settings. Some Site features may not work properly without them.

Global Privacy Control and Do Not Track. We honor the Global Privacy Control (GPC) signal as a valid opt‑out of any future sale or sharing of personal information, consistent with CCPA Regulations §7025. Because we do not currently sell or share personal information for cross‑context behavioral advertising, the GPC signal has no immediate practical effect on our processing. Browsers also transmit a “Do Not Track” (DNT) signal; because there is no industry consensus on how to interpret DNT, we do not respond to it separately from GPC.

10. Children’s Privacy

Our Site and services are not directed to children under sixteen (16) years of age. We do not knowingly collect personal information from a child under thirteen (13) without verifiable parental consent, as required by the Children’s Online Privacy Protection Act, 15 U.S.C. §6501 et seq., and we do not knowingly sell or share for cross‑context behavioral advertising the personal information of any consumer we know to be under sixteen (16) without the opt‑in consent required by Cal. Civ. Code §1798.120(c). If you believe a child has provided personal information to us, please contact us using the methods in Section 6 and we will delete it.

11. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include, where appropriate: restricted access to back‑office systems on a need‑to‑know basis; the use of vendors who maintain industry‑standard security practices (such as PCI‑DSS compliance by our payment processor); and routine review of our website, network, and reservation tools for known vulnerabilities. No method of transmission over the internet or method of electronic storage is one hundred percent secure, and we cannot guarantee absolute security.

12. Third‑Party Links

The Site contains links to third‑party websites, including OpenTable, social media platforms, and embedded maps. We are not responsible for the content or privacy practices of those sites. We encourage you to review the privacy policies of any third‑party site you visit.

13. Visitors from Outside the United States

Our Site is hosted in the United States and is intended for guests in the United States. If you access the Site from outside the United States, you understand that your information will be transferred to and processed in the United States, which may not provide the same level of data‑protection law as the country in which you reside.

14. Changes to This Policy

We may revise this Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. The revised version will be posted at this URL with an updated “Effective Date” and “Last Updated” line. Material changes (those that expand the categories of personal information we collect or the purposes for which we use it) will be highlighted by a banner on the Site for at least thirty (30) days following the change.

15. Contact Us

Capriciano Restaurant Group LLC d/b/a Capriciano Osteria
Attn: Privacy Requests
505 Mendocino Avenue
Santa Rosa, CA 95401
Email: hi@capriciano.com
Telephone: (707) 800‑7904