Privacy Policy.

This Policy applies to all personal data processed in connection with our restaurant and bar activities — including guests who make reservations, guests who request invoices, website visitors and any person whose data we process. The restaurant business involves personal data primarily at three moments: the table reservation, the invoice when requested, and registration if the guest opts into loyalty programmes or promotions. Most guests dine anonymously — without a reservation or an identified invoice — and that is the default we respect.

• Anonymous dining (default): Most guests dine without any data collection — cash or card payment without identification, no prior reservation. No data is collected or retained. Anonymous dining is our default.
• Reservation data: Name, WhatsApp and date/time when making a table reservation — to confirm the booking and communicate any changes. Deleted after the meal or after 30 days if not used for a repeat booking.
• Invoice data (NF-e / NFC-e — when requested): CPF or CNPJ when the guest requests an identified invoice — for corporate meal reimbursement, business travel expenses or personal record-keeping. Optional: the NFC-e can be issued without identifying the consumer.
• Dietary restrictions (when provided for a reservation): Allergies or food intolerances shared by the guest so the kitchen can accommodate safely. Treated as health data (LGPD Art. 5º, II) under Art. 11, II, "f" (provision of health / food services).
• Website contact data: Name, WhatsApp and message when using the reservation or contact form.
• Technical website data: IP address, browser type and pages visited.

• SEFAZ-RO / Receita Federal: NF-e or NFC-e with identification — mandatory electronic transmission. Anonymous dining generates no personal data transmission.
• ISS / Prefeitura de Vilhena: ISS bookkeeping on food services rendered.
• Vigilância Sanitária de Vilhena / SESAU-RO: During health inspections — institutional data of the restaurant is shared with the competent authority. Guest personal data only under formal, documented legal requirement.
• PROCON-RO / Senacon: When required in consumer disputes under the CDC.
• Legal authorities: When required by court order or administrative authority.

Our operation is based in Vilhena, RO. All guest data is processed in Brazil. Any reservation or communication platforms operating on international servers do so under the guarantees of Art. 33 of the LGPD. Tax records (NF-e) are processed exclusively in systems certified by the Receita Federal and SEFAZ-RO, in Brazil.

• Anonymous dining: No personal data collected or retained — anonymous dining is the default.
• Reservation data (no return visit): Deleted 30 days after the reservation date.
• Dietary restrictions: Deleted at the end of the meal — not retained beyond what is required for the sitting.
• NF-e and NFC-e (ISS Vilhena / SEFAZ-RO): Minimum 5 years as required by Brazilian federal and state tax legislation.
• Contact data without a completed reservation: Up to 3 months from the date of contact.
• Website analytics: Aggregated and anonymised after 12 months.

• Anonymous dining as the default — no data collected for guests who do not make reservations or request invoices;
• Dietary restrictions communicated to the kitchen verbally or via an internal notepad used exclusively by the kitchen team, without permanent digital storage;
• NF-e issued using a certified digital certificate (A1/A3) approved by the Receita Federal;
• Reservation data received via WhatsApp handled with discretion;
• Website encrypted (HTTPS);
• Incident response procedures in accordance with LGPD Art. 48.

• Confirmation and Access (Art. 18, I–II): Confirm whether we hold your data and receive a copy.
• Deletion (Art. 18, IV): Request deletion — subject to mandatory invoice retention (5 years under tax law).
• Withdrawal of consent (Art. 8º, §5º): Withdraw from loyalty programmes at any time without affecting future service.
• Complaint to the ANPD (Art. 18, §1º): Lodge a complaint at www.gov.br/anpd.

We respond within 15 business days.

Our website may use cookies for essential functionality and aggregated performance analytics. We do not use behavioural tracking or advertising cookies. Cookie preferences can be managed through your browser settings.

Restaurants and bars serve families with children. When a reservation is made by an adult including children, we process only the adult's data. We do not collect data from minors via the website. Regarding alcoholic beverages at the bar, Cippola & Maurer complies with the prohibition on selling alcohol to persons under 18 years of age under Brazilian Law nº 9.294/96 and the Statute of the Child and Adolescent (ECA). Identification may be requested when there is reasonable doubt about a consumer's age. Any document presented for age verification is checked visually only — it is not copied, photographed or recorded in any system.

Alcohol and age verification: When a guest presents an identity document for age verification, the document is checked visually by the team — it is not copied, photographed, scanned or recorded in any system. The act of presenting a document does not result in any personal data being stored.

This Policy may be updated to reflect changes in our activities, in the LGPD, in ANPD guidance, in ANVISA food service regulations or in Rondônia tax legislation. Material changes will be communicated via our website.

All privacy requests should be directed to our Data Protection Officer (LGPD Art. 41):