Privacy Policy

• This privacy policy for Boston York Restaurant Group, LLLP ("we," "us," or "our"), describes how and why we might access, collect, store, and/or use your personal information when you use this website. Reading this policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use this website.
• What Personal Information Do We Collect? We collect personal information that you voluntarily provide to us when you express an interest in obtaining information through a contact form on this website. The personal information we collect may include the following: your first and last name; phone number; and, email address.
• We do not collect: sensitive information; protected classification characteristics (Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data); financial details; biometric information (fingerprints and voiceprints); Internet or other similar network activity (browsing history, search history, online behavior, interest data, and interactions); images and audio, video or call recordings created in connection with our business activities; employment-related information; or, education information, student records and directory information.
• What Other Information Do We Collect? We automatically collect certain information when you visit, use, or navigate this website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use this website, and other technical information. This information is primarily needed to maintain the security and operation of this website, and for our internal analytics and reporting purposes.
• How Do We Use Your Information? We use your information to provide, improve, and administer this website, communicate with you, for security and fraud prevention, and to comply with applicable law. We may collect, store, and use your information: as part of our efforts to keep this website safe and secure, including fraud monitoring and prevention; to identify usage trends and improve this website; and, when necessary, to save or protect an individual’s vital interest, such as to prevent harm.
• What Legal Basis Do We Rely On To Process Your Information? The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process personal information. We only process personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law. We may collect, store, and/or use your information if you have given us permission (e.g., providing consent to contact you through a contact form on this website) to use your personal information for a specific purpose. You can withdraw your consent at any time.
• How Do We Share Your Information? We do not sell, share, or disclose your personal information to any person or business, at any time, unless such disclosure is required by law or required by a subpoena.
• How Long Do We Keep Your Information? We will only keep your personal information for as long as it is necessary for the purposes set out in this policy, unless a longer retention period is required by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us to store your personal information for longer than ninety (90) days. Non-identifying information, such as technical and usage data that does not contain your personal information, is deleted after one (1) year.
• How Do We Keep Your Information Safe? We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. And, we delete all personal information after ninety (90) days. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. You should only access this website within a secure environment.
• Do We Collect Information From Minors? We do not knowingly collect or solicit data from any person under 18 years of age, or the equivalent age as specified by law in your jurisdiction. By using this website, you represent that you are at least 18, or the equivalent age as specified by law in your jurisdiction, or that you are the parent or guardian of such a minor and consent to such minor’s use of this website. In accordance with the U.S. Children’s Online Privacy Protection Act, if we learn that personal information from a user less than 18 years of age, or the equivalent age as specified by law in your jurisdiction, has been collected without verifiable parental consent, we will promptly delete such data from our records.
• What Are Your Privacy Rights? Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. We will consider and act upon any request in accordance with applicable data protection laws.
• US Residents. If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have rights under your State's data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include the right to: know whether or not we are processing your personal data; access your personal data; correct inaccuracies in your personal data; request the deletion of your personal data; obtain a copy of the personal data you previously shared with us; non- discrimination for exercising your rights; opt out of the collection, storage, and use of your personal data. Please refer to your state's individual privacy right laws.
• California Residents. California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.
• UK Residents. We may collect, store, and/or use your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information to analyze how this website is used and to diagnose problems and/or prevent fraudulent activities. We may collect and store your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. And, we may collect and store your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
• Canadian Residents. In some exceptional cases, we may be legally permitted under applicable law to collect, store, and/or use your information without your consent, including, for example: if collection is clearly in the interests of an individual and consent cannot be obtained in a timely manner; for investigations and fraud detection and prevention; for business transactions provided certain conditions are met; if it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim; for identifying injured, ill, or deceased persons and communicating with next of kin; if we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse; if it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records; if it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced; if the collection is solely for journalistic, artistic, or literary purposes; and, if the information is publicly available and is specified by the regulations. We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments.
• Australia and New Zealand Residents. We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. This policy satisfies the notice requirements defined in both Privacy Acts. If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide further information. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner or a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.
• Republic of South Africa Residents. At any time, you have the right to request access to or correction of your personal information. If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of The Information Regulator.
• Do-Not-Track Features. Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time. We will honor your opt-out preferences if you enact the Global Privacy Control (GPC) opt-out signal on your browser.
• Do We Make Updates To This Notice? We may update this policy from time to time. The updated version will be indicated by an updated "Revised" date at the bottom of this policy. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this policy frequently to be informed of how we are protecting your information.
• How Can You Review, Update, Or Delete Data We Collect About You? You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. However, these rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us at legal@bostonyork.com.
• Last Revised: June 01, 2025.