TABLE OF CONTENTS
· Collection and Use of Personal Information
· Sharing of Personal Information
· Information about our Website and App
· Interest-Based Advertising
· Safeguards and Retention
· Your Choices
· Access to Information
· Contact Us
COLLECTION AND USE OF PERSONAL INFORMATION
For the purposes of this policy, “personal information” means any information about an identifiable individual including, without limitation, your name, address, telephone number, and email address. We collect and use your personal information when you:
· Visit one of our restaurants
· Order through our Website or App
· Participate in our Chipotle Community Fundraising Program
· Sign-up to receive our marketing communications
· Enter a contest or participate in a promotion
· Participate in our Chipotle Rewards program
· Apply for a job with us
· Contact Us with a comment, question or complaint
· Use the Find a Location feature on our Website or App
· Restaurant Purchases: You do not have to provide us with any personal information when you pay using cash at one of our restaurants. If you use a credit or debit card, we collect your debit or credit card-related information and your signature to process and administer your payment. We may also use video surveillance in our restaurants for loss prevention and security purposes. If you order catering through a local restaurant, we also collect the delivery address.
· Ordering Online: If you place an order through our Website or App, you will be asked to provide your first and last name, email address, phone number, and payment card information (as well as accessibility preference for pick-up orders). If you choose to create an account to save your favourites, order faster and place group orders (for example, by choosing to save your credit card information to your account), we also collect a password that you create. If you place a Group Order, we will collect the name of each participant in the Group Order in order correctly match the names of the Group Order participants with the items that they have ordered. We may also offer you the ability to order through a third-party food delivery service, in which case we obtain your information from the third party in order to fulfil your order. If you purchase an e-gift card for a friend or family member, we collect the name and email address for the recipient in order to deliver an email containing your e-gift card on your behalf. We do not use the recipient’s information for any other purpose.
· The Chipotle Community Fundraising Program: We also collect personal information if you choose to participate in our Chipotle Community Fundraising Program, which allows organizations to apply to raise money for a particular fundraiser. Customers are offered the opportunity to round up their purchase to the nearest dollar and have Chipotle donate the excess amount to the chosen fundraiser. You may apply for the Chipotle Community Fundraising Program by filling out an application on our Website. When you submit an application, you will be asked to enter certain information such as your first and last name, phone number, email address and details about your fundraiser (fundraiser name, the type of fundraiser, and local restaurant). We use this information to communicate with you about your fundraiser application. If you invite friends or family members to participate in your fundraiser, we also collect your friends or family members’ email addresses so that we can send them a team code via email on your behalf. We do not use your friends’ email address for any other purpose without their consent. Please ensure you only provide the email addresses of friends and family members who would want to receive the fundraising email.
· Sign-up to receive our updates or offers: If you subscribe to our marketing email list or sign up to receive updates and offers via text, we collect your name, email address and/or mobile phone number and use this information to send you relevant information, offers and promotions based on your interests, general location (based on postal code or phone number), favourite stores and purchase history. If you no longer wish to receive these communications, you can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of our emails, or by texting STOP in response to a text message sent by us. Alternatively, you can opt-out of receiving our email newsletter or from receiving text message offers by contacting us at the contact information under “Contact Us” below. Please note that you may continue to receive certain transactional or account-related communications from us, such as your receipt or online order confirmation.
· Push Notifications: If you sign-up to receive push notifications, we will send push notifications to your mobile device with updates about your orders, and special offers. If you wish to stop receiving push notifications from us, you can turn off push notifications for the App either within the Preferences page of the App, or in the settings of your mobile device.
· Contests and Promotions: If you enter a contest or participate in a promotion, we may collect your name, address, email address, phone number, and any additional information or content required for the contest or promotion (such as information you post on social media). We use this information to administer your participation in the contest or promotion, including prize fulfillment. As part of a contest or promotion, we may obtain your consent to share or otherwise publish the content you submit.
· Chipotle Rewards: If you join our Chipotle Rewards program, we will collect your first name, last name, password, email address (required in order to receive all eligible Chipotle Rewards), mobile telephone number, and marketing preferences, and you may also elect to provide other information, including your birthday. We collect this information to establish and administer your Chipotle Rewards account, including to create and send you a digital Chipotle Rewards card, create an ID number, scannable code or other unique identifier to associate you with your Chipotle Rewards account, to award points to you on qualifying purchases and to enable you to redeem points. We may also use this information to send you special offers available only to members of the Chipotle Rewards program.
· Contact Us: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and service offerings.
· Find a Location: If you search for a restaurant on our Website or in the App, we collect your postal code or city and province, or, if you choose to provide it, your device’s precise geolocation, in order to provide you with information on nearby restaurants.
SHARING OF PERSONAL INFORMATION
We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.
· Service Providers and Affiliates: Your personal information may be transferred (or otherwise made available) to third parties or affiliates that provide services on our behalf. We use service providers to provide services such as delivery services, analytics marketing and advertising services, payment processing services, other types of business support for our transactions (such as or accounting services), and technical services (e.g., data storage and customer relationship management databases). Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes.
We may also provide your personal information to our affiliates to provide various services to us, including Website and App tracking and usage analytics, as well as targeted marketing services based on your loyalty program participation, transaction data, payment card information, online behaviour, demographic information and any other information derived from your interactions with us.
Our service providers and affiliates may be located in the U.S., Canada or other foreign jurisdictions. If you would like to learn more information about our practices and policies on the use of service providers and affiliates located outside of Canada, please contact our Privacy Officer at the address listed below under “Contact Us”.
· Legal and Compliance: We and our Canadian, US and other foreign affiliates and service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by US or foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
· Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Chipotle or any of its affiliated companies or as part of a corporate reorganization or other change in corporate control.
· Contests and Promotions: Our contests and promotions may be jointly sponsored or offered by other parties. When you enter a promotion or contest, we may share information as described to you at the time you enter the contest or promotion, including as required by law (e.g., on a winners list).
We may share non-identifiable information (including information that has been aggregated or de-identified) for any purpose.
INFORMATION ABOUT OUR WEBSITE AND APP
· Visiting our Website: In general, you can visit our Website without telling us who you are or submitting any personal information. However, we collect information about the computer or device you use to access our website or one of our mobile applications, including operating system, IP (Internet protocol) address, mobile device identification number, MAC (media access control) address on your device, the make and model of your device, its operating system, information about the screen size, page requests, browser type, average time spent on our Website or App and date and time of your use. We use this information to determine which settings are appropriate for your computer or device, to provide or enhance digital functionality, to help us understand our Website and App activity and to monitor and improve our Services, including our Website and App.
· Location Data: If you choose to use a location-based service, such as locating a restaurant near you, you may also provide us, through your phone, with permission to track your device location in order to provide you with the services you request. You can opt-out of sharing location data with us at any time by turning off location data in your device settings or the location setting within the App.
· Cookies and other Tracking Technologies: Our Website uses "cookies", pixels and other types of tracking technologies including to better understand and analyze information about the use of our Website and provide you with relevant advertising. For more information on our use of these technologies and your choices, please see Interest-Based Advertising below.
· App Usage Information & Analytics: As with many applications, certain limited data is required for the App to function on your device. This data includes the type of device hardware and operating system, unique device identiﬁer, IP address, language settings, and the date and time the App accesses our servers. We use this information to help us understand the activity on our App, to monitor and improve our App, and to tailor your in-App experience. In addition, we may use third party service providers to collect analytical information about your use of the App, such as the App features used and time spent on the App, to help us tailor your in-App experience, improve our products and the quality of our App, and to manage and analyze data in order to better understand our users.
You can use the options in your web browser or your mobile device to notify you when you receive a cookie or otherwise change your cookie preferences. Click on the "Help" section of your browser to learn how to make those changes. But remember, if you disable cookies, you may not be able to take advantage of all the exciting features of our Website or App.
In addition to adjusting the appropriate settings in your browser or device, many advertising companies that may collect anonymous information for advertising targeting purposes are also members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which provide an opt-out from advertisement targeting by their members. You can find more information on these opt-out capabilities on www.aboutads.info and www.networkadvertising.org.
Our Website and App use third party cookies from Google Analytics for demographics and interest reporting. This feature gives us insight into behavior information relating to visitor age, gender and interests on an anonymous and aggregate level. This will help us to understand browsing behavior to give you a better experience while visiting our Website or App.
You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings Feature on Google. By clicking Ads Settings, you will be taken out of chipotle.com to a page on Google where you can control the information Google uses to show you ads. In addition, you can use Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.
Our Website and App also use Adobe Analytics to collect a hashed user ID when you sign in to the Website or App. This user ID is stored in encrypted form and cannot be linked to you. We use this hashed user ID to track our users’ demographic information (such as the user’s age and gender) and their behavior while using the Website or App, such as how they interact with the Website/App, the time spent using the Website/App and when they click on the URL for the Website or open the App.
SAFEGUARDS AND RETENTION
We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.
We have record retention processes designed to retain personal information for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business requirements.
General. You may withdraw your consent at any time to our collection, use and disclosure of your personal information by contacting our Privacy Officer at the address listed below, subject to any legal restrictions. Please be aware, however, if you do withdraw your consent we may not be able to provide you with our products or services. We will explain the impact to you at the time to help you with your decision.
E-mails. As indicated above, if you have signed-up to receive our email communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the newsletter. Please note that you will continue to receive transactional and account related service communications. Alternatively, you can opt-out of receiving our email marketing communications by contacting us at the contact information under “Contact Us” below
Push Notifications. If you have opted-in to receive push notification on your device, you can opt-out at any time by adjusting the permissions in your Preferences page of the App, or the settings in your device.
Text Messages. For any Chipotle messaging program that you opt-in to or through our websites, you agree to receive messages to the mobile number used at the time of opt-in. You can opt-out of receiving text messages at any time by texting “STOP” in response to any text message you receive from us.
To opt-out of interest-based advertising, see “Interest-Based Advertising” section above.
ACCESS TO INFORMATION
Subject to limited exceptions under applicable law, you have the right to access, update and correct inaccuracies in your personal information in our custody and control. You may request access, updating and corrections of inaccuracies in your personal information in our custody or control by emailing or writing to us at the contact information set out below. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to his or her personal information records.
Chipotle Mexican Grill Canada Corp.
Attn: Privacy Officer
900-1959 Upper Water St.,
Halifax NS B3J 2X2