Last Update: August 30, 2022

Privacy Policy

Overview and Purpose
The purpose of this policy is to ensure all employees working in Bistro BPO abide by the Privacy Policy. Privacy Policy controls deployed at Bistro BPO shall be reviewed as and when required but at least annually and as prescribed by applicable laws, regulatory compliance or management decision.

This policy covers the entire Operations owned by Bistro BPO, all employees including the agents who are under-taking the calls at the Call Center locations.

At Bistro BPO, our mission is to provide a world class call-center experience at an affordable price to its clients. We want you to understand how we handle your data. We also want you to know your rights and choices.

Who we are?

The company manages customer support and order taking on behalf of some of the world’s leading fast-food brands. We are level-1 PCI-DSS certified with 100% secure credit card payment processes.
Contact Details:
CTO & Data Controller Mr. Taha Shafat or the Data Protection Officer Mr. Dhiraj Das (email:

What information do we collect?

The information we gather about you depends on the context of reaching our platform. By and large, it is information about you calling us for ordering or for any other support that can personally identify you — either on its own or when combined with other information.

  • The following describes the information we collect and how we obtain it.
    • During contact with the call center:
      We collect information from your customers when they place an order over the phone or contact customer service through the phone numbers forwarded to our call center.
    • Personal contact data:
      Certain personal information is provided by you when you interact with our customer service center, or request information from us. This personal information includes things like: Contact details including your name, address and telephone number
      No PII (Personally Identifiable Information) data is stored in the dialer. Only the phone number is stamped with the time, date & length of the call and which store the call came to. No PII data is stored by Bistro BPO LLC.
      Billing and payment information, including credit card data
  • We process sensitive credit card data as per following process:
    • Secure payment mode that sits on our telephony path ready to secure calls resulting in a payment.
    • Customer enters card details through keypad entry, which is masked from the agent's view and render the masked data non-selectable for copying/storing.
    • Both agent and customer stay on the phone together without needing to be transferred to an IVR or disconnected.
    • The system blocks sensitive card data from being seen, heard, replicated, or stored by our agents, systems or processes.
    • We do not collect or process any data from third parties’ data and source
  • Are there guidelines for Kids?
    • Our Services are intended for a general audience and are not directed at children under (13) years of age.
    • We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or COPPA) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at We will remove the data to the extent required by applicable laws.

Why and How do we use personal information?

  • We use your information to help you use and navigate our Services, such as:
    • Personalization of content, business information or better user experience;
    • Communicate information about our products, services, events, and for other promotional purposes;
    • Operate, improve, and maintain our business, products, and services;
    • Protect our or others’ rights, property, or safety;
    • Communicate with you about your purchase;
    • Administer any orders that you have placed with us and process payments;
    • Delivering marketing and events communication;
    • Carrying out polls and surveys;
    • Internal research and development purposes;
    • Prevent, detect, or investigate fraud, including fraudulent purchases, abuse, illegal use, or violations of our Terms of Use relating to use of our Platform; and
    • Meeting internal audit and quality assurance requirements

What About Sensitive Personal Information?

  • We generally do not want to gather any sensitive information about you. This includes:
    • Your social security number
    • Your racial or ethnic origin
    • Your political opinions
    • Your religion or other beliefs
    • Your health, biometric or genetic characteristics
    • Any criminal background
    • Outside those situations we would prefer you never share that information with us.

How do we manage and for how long we retain data?

  • It depends. We store your personal information for as long as needed, or permitted, based on the reason why we obtained it (consistent with applicable laws). This means we might retain your personal information even after you stop ordering with us.
    When deciding how long to keep your information, we consider:
    • How long we have had a relationship with you or provided an ordering Service to you
    • Whether we are subject to any legal obligations (e.g., any laws that require us to keep transaction records for a certain period of time before we can delete them)
    • Whether we have taken any legal positions (e.g., in connection with any statutes of limitation).
    • Rather than delete your data, we might de-identify it by removing identifying details.

Sharing Of Your Personal Information

  • We may share each of the categories of personal data we collect with the following types of entities for the business purposes described:
    • Service providers processing personal information on our behalf, including the categories noted in the “What personal information do we collect, when, and from what sources” section, for business purposes such as processing payments, shipping and deliveries, hosting, managing and servicing our data, distributing emails, conducting research and analysis, advertising, analytics, managing brand and product promotions as well as administering certain services and features.
    • Other third parties to the extent necessary to: (i) comply with government request, court order, or applicable law; (ii) prevent illegal use of our Platform or violations of the applicable terms and policies; (iii) defend ourselves against third party claims; and (iv) assist in fraud prevention or investigation (e.g., fraud and or counterfeiting).
    • Other entities where you have provided your consent.
  • We may also transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of reorganization, spin-off, dissolution, or liquidation).
    • We do not share your personal information with third parties for their own direct marketing purposes.
    • We do not sell your personal information.

Use of cookies and other technologies

We collect information from your browser or device when you use our Platform. We use a variety of methods, such as cookies and pixel tags to collect this information. We use this information for Platform functionality, performance analysis and improvement, enabling interoperability (like social media log-in and sharing), and advertising.
Some advertising and technology partners may also collect personal data when you use our Platform. These partners have committed to act as service providers on our behalf and have committed to only use your personal data for our purposes as described in this policy.
Your browser can help you manage these trackers. In your browser, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies in your browser settings. If you turn off all cookies, certain parts or features of our Platform may not work properly. There are also general resources for opting out of interest-based advertising available on the websites of the Network Advertising Initiative and Digital Advertising Alliance. Similarly, you can adjust your advertising preferences on your mobile device at the device level. For example, to adjust your ad preference in iOS, visit Settings > Privacy > Advertising > Limit Ad Tracking. To adjust your ad preferences in Android, visit Settings > Google > Ads > Opt Out of Interest-Based Ads.

How do we secure personal data?

We protect your personal information with a series of organizational, technological and physical safeguards — but despite our efforts, no website, mobile application, database, or system is completely secure or “hack proof”. You can help keep your data safe by taking reasonable steps to protect your personal information against unauthorized disclosure or misuse. If you have reason to believe your interaction with us is no longer secure, notify us immediately.

What Is Our Legal Basis?

  • We only collect, use or share information about you when we have a valid reason. This is called “lawful basis.” Specifically, this is one of the following:
    • The consent you provide to us at the point of collection of your information to place order or support you with your queries
    • The compliance of a legal obligation to which we are subject
  • The legitimate interests of Bistro BPO LLC. “Legitimate interest” is a technical term and means that there are good reasons for the processing of your personal information, and that we take measures to minimize the impact on your privacy rights and interests. “Legitimate interest” also refers to our use of your data in ways you would reasonably expect and that have a minimal privacy impact.
  • We have a legitimate interest in gathering and processing personal information, for example
    • to ensure that our networks and information are secure
    • to administer and generally conduct business within Bistro BPO Company
    • to prevent fraud
    • to conduct our marketing activities

Changes To Our Privacy Policy

Applicable law and our practices change over time. If we decide to update our privacy policy, we will post the changes on our Platform. If we materially change the way in which we process your personal information, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our privacy policy and keep yourself informed of our practices.

Questions, Feedback and Metrics

If you wish to provide feedback, or if you have questions or concerns, you can contact our Data controller or write to our offices at Bistro BPO, LLC, 329 S Oyster Bay Rd # 638, Plainview, NY 11803, USA or email us at

Relevant Findings
All relevant findings discovered as a result of the audit shall be listed in the Bistro BPO tracking system to ensure prompt resolution or appropriate mitigating controls.

Ownership of Audit Report
All results and findings generated by audit must be provided to appropriate Bistro BPO management as soon as possible. This report will become the property of Bistro BPO and be considered company confidential.

Policy Compliance

Any exception to the policy must be approved by the Info Sec team in advance.

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.