CHIPOTLE’S PRIVACY POLICY

(LAST UPDATED DECEMBER 20, 2022)

 

Chipotle Mexican Grill Canada Corp. (“Chipotle”) values and respects your privacy. We have prepared this “Privacy Policy” to describe our personal information practices when you access or interact with our mobile application (“App”) or our websites that link to this Privacy Policy (“Websites”), as well as offline locations (such as our restaurants) and other interactions with us.  The App, those websites, our restaurants, and our related service offerings are referred to in this Privacy Policy as our “Services.” Please note, this Privacy Policy is applicable to consumers in Canada. We maintain separate privacy policies for our Canadian employees and job applicants and for customers, employees, and job applicants in the European Union, United Kingdom, and the United States.

 TABLE OF CONTENTS

·      Collection and Use of Personal Information

·      Sharing of Personal Information

·      Information about our Website and App

·      Interest-Based Advertising

·      Safeguards and Retention

·      Your Choices

·      Access to Personal Information

·      Updates to the Privacy Policy

·      Contact Us

 

 COLLECTION AND USE OF PERSONAL INFORMATION

For the purposes of this policy, “personal information” means any information about an identifiable individual including, without limitation, your name, address, telephone number, and email address. We collect and use your personal information when you:

 

·      Visit one of our restaurants

·      Order through our Website or App

·      Participate in our Chipotle Community Fundraising Program

·      Sign-up to receive our marketing communications

·      Enter a contest or participate in a promotion

·      Participate in our Chipotle Rewards program

·      Apply for a job with us

·      Contact Us with a comment, question or complaint

·      Use the Find a Location feature on our Website or App

·      Restaurant Purchases: You do not have to provide us with any personal information when you pay using cash at one of our restaurants. If you use a credit or debit card, we collect your debit or credit card-related information and your signature to process and administer your payment. We may also use video surveillance in our restaurants for loss prevention, safety, and security purposes. If you order catering through a local restaurant, we also collect the delivery address.

·      Ordering Online: If you place an order through our Website or App, you will be asked to provide your first and last name, email address, phone number, and payment card information (as well as accessibility preference for pick-up orders). If you choose to create an account to save your favorites, order faster and place group orders (for example, by choosing to save your credit card information to your account), we also collect a password that you create. If you place a Group Order, we will collect the name of each participant in the Group Order in order correctly match the names of the Group Order participants with the items that they have ordered. We may also offer you the ability to order through a third-party food delivery service, in which case we obtain your information from the third party in order to fulfil your order. If you purchase an e-gift card for a friend or family member, we collect the name and email address for the recipient in order to deliver an email containing your e-gift card on your behalf. We do not use the recipient’s information for any other purpose.

·      The Chipotle Community Fundraising Program: We also collect personal information if you choose to participate in our Chipotle Community Fundraising Program, which allows organizations to apply to raise money for a particular fundraiser. Customers are offered the opportunity to round up their purchase to the nearest dollar and have Chipotle donate the excess amount to the chosen fundraiser. You may apply for the Chipotle Community Fundraising Program by filling out an application on our Website.  When you submit an application, you will be asked to enter certain information such as your first and last name, phone number, email address and details about your fundraiser (fundraiser name, the type of fundraiser, and local restaurant). We use this information to communicate with you about your fundraiser application. If you invite friends or family members to participate in your fundraiser, we also collect your friends or family members’ email addresses so that we can send them a team code via email on your behalf. We do not use your friends’ email address for any other purpose without their consent. Please ensure you only provide the email addresses of friends and family members who would want to receive the fundraising email.

·      Sign-up to receive our updates or offers: If you subscribe to our marketing email list or sign up to receive updates and offers via text, we collect your name, email address and/or mobile phone number and use this information to send you relevant information, offers and promotions based on your interests, general location (based on postal code or phone number), favorite stores and purchase history. If you no longer wish to receive these communications, you can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of our emails, or by texting STOP in response to a text message sent by us. Alternatively, you can opt-out of receiving emails or from receiving text message offers within the Personal and Preferences page of the App or Website if you have created an account with us or by contacting us at the contact information under “Contact Us” below. Please note that you may continue to receive certain transactional or account-related communications from us, such as your receipt or online order confirmation.

·      Push Notifications: If you sign-up to receive push notifications, we will send push notifications to your mobile device with updates about your orders, and special offers. If you wish to stop receiving push notifications from us, you can turn off push notifications for the App either within the Personal and Preferences page of the App or in the settings of your mobile device.

·      Contests and Promotions: If you enter a contest or participate in a promotion, we may collect your name, address, email address, phone number, and any additional information or content required for the contest or promotion (such as information you post on social media). We use this information to administer your participation in the contest or promotion, including prize fulfillment. As part of a contest or promotion, we may obtain your consent to share or otherwise publish the content you submit. You may provide these same data elements to us when you participate in surveys, focus groups, or market research, and you may also share additional information generated by your participation in the surveys, focus groups, and/or other marketing research efforts.

·      Chipotle Rewards: If you join our Chipotle Rewards program, we will collect your first name, last name, email address (required in order to receive all eligible Chipotle Rewards), delivery address, password used to create the account, telephone number, and marketing preferences, device settings country, and you may also elect to provide other information, including your birthday (month / day only), payment card or gift card information, accessibility preferences for pick up orders, and nutrition preferences. We collect this information to establish and administer your Chipotle Rewards account, including to create and send you a digital Chipotle Rewards card, create an ID number, scannable code or other unique identifier to associate you with your Chipotle Rewards account, to award points to you on qualifying purchases and to enable you to redeem points. We will then associate that and other categories of personal information with your Rewards Program account, such as other unique identifiers, purchase history, general geolocation data, preferences you provide (e.g., favorite Chipotle restaurants), and stored payment methods.  Note that we also may collect all of this information outside the context of the Rewards Program. We may also use this information to send non-personalized advertising, retargeted advertisements and personalized advertising and marketing offers and other special offers available only to members of the Chipotle Rewards program.

·      Job Applicants: If you apply for a job with us, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials.  We use this information for the purpose of processing and responding to your application for current and future career opportunities and assessing your suitability for employment. For more information, see our Applicant Privacy Notice found at: www.chipotle.ca/canada-recruiting-notice.

·      Contact Us: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment.  We may retain this information to assist you in the future and to improve our customer service and service offerings.

·      Find a Location: If you search for a restaurant on our Website or in the App, we collect your postal code or city and province, or, if you choose to provide it, your device’s precise geolocation, in order to provide you with information on nearby restaurants. When you give the App permission to collect your precise geolocation, the App may use your mobile device’s location services to collect real-time information about the location of your device (using both GPS and other methods) to provide requested location services and ensure your orders are placed at the correct location. Chipotle does not retain, store, or use your precise geo-location (e.g.  for any purpose beyond what is identified in this section, however Chipotle does retain general location data such as your zip code, city, state, and country and this general location data may be used to identify an audience for targeted advertising).

SHARING OF PERSONAL INFORMATION

We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.

·      Service Providers and Affiliates: Your personal information may be transferred (or otherwise made available) to third parties or affiliates that provide services on our behalf. We use service providers to provide services such as delivery services, analytics marketing and advertising services, payment processing services, other types of business support for our transactions (such as or accounting services), and technical services (e.g., data storage and customer relationship management databases). Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes.

We may also provide your personal information to our affiliates to provide various services to us, including Website and App tracking and usage analytics, as well as targeted marketing services based on your Chipotle Rewards program participation, transaction data, payment card information, online behavior, demographic information and any other information derived from your interactions with us.  

Our service providers and affiliates may be located in the U.S., Canada or other foreign jurisdictions. If you would like to learn more information about our practices and policies on the use of service providers and affiliates located outside of Canada, please contact our Privacy Officer at the address listed below under “Contact Us”.

·      Legal and Compliance: We and our Canadian, US and other foreign affiliates and service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by US or foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.

·      Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Chipotle or any of its affiliated companies or as part of a corporate reorganization or other change in corporate control.

·      Contests and Promotions: Our contests and promotions may be jointly sponsored or offered by other parties. When you enter a promotion or contest, we may share information as described to you at the time you enter the contest or promotion, including as required by law (e.g., on a winners list).

We may share non-identifiable information (including information that has been aggregated or de-identified) for any purpose.

INFORMATION ABOUT OUR WEBSITE AND APP

·      Visiting our Website:  In general, you can visit our Website without telling us who you are or submitting any personal information. However, we collect information about the computer or device you use to access our Website or App, including operating system, IP (Internet protocol) address, mobile device identification number, MAC (media access control) address on your device, the make and model of your device, its operating system, information about the screen size, page requests, browser type, average time spent on our Website or App and date and time of your use. We use this information to determine which settings are appropriate for your computer or device, to provide or enhance digital functionality, to help us understand our Website and App activity and to monitor and improve our Services, including our Website and App.

·      Location Data: If you choose to use a location-based service, such as locating a restaurant near you, you may also provide us, through your phone, with permission to track your device location in order to provide you with the services you request. You can stop sharing your location data with us at any time by turning off location data directly from the settings function in your device or by going to the Personal and Preference page within the App which will also direct you to the settings feature of your device to make these changes.

·      Cookies and other Tracking Technologies:  Our Website and App use "cookies", use of this term shall be read to include cookies, pixels, tags, beacons, SDKs, web server logs and other types of tracking technologies.  Cookies are used to better understand and analyze information about the use of our Website and App and provide you with relevant advertising. For more information on our use of these technologies and your choices, please see Interest-Based Advertising below.   

·      App Usage Information & Analytics: As with many applications, certain limited data is required for the App to function on your device. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the App accesses our servers. We use this information to help us understand the activity on our App, to monitor and improve our App, and to tailor your in-App experience. In addition, we may use third party service providers to collect analytical information about your use of the App, such as the App features used and time spent on the App, to help us tailor your in-App experience, improve our products and the quality of our App, and to manage and analyze data in order to better understand our users.

·      Third Party Links:  Our Website may contain links to other websites that Chipotle does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy and terms of use of every website you visit.

INTEREST-BASED ADVERTISING

When you visit any web site, including our Website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information gathered through cookies can give you a more personalized web experience. For example cookies allow you to navigate between pages efficiently, letting us analyze how well our website is performing, and educates us on the content that you found most helpful based on the amount of time you spent reviewing that content. A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting.

Many web browsers are set to accept cookies by default, but you can set your browser to notify you before accepting a cookie, or to delete or refuse cookies. You can control and manage cookies associated with your browser. If you are interested controlling and managing cookies from your browser including any set by our website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings. Please note that your decision to block some types of cookies may impact your experience of the Website and the services we are able to offer.

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies:

·       http://www.lavasoftusa.com/products/ad-aware_se_personal.php

·       http://www.spybot.info/en/download/index.html

·       http://www.webroot.com/consumer/products/spysweeper/

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, the DAA of Canada’s opt-out portal available at https://youradchoices.ca/en/tools, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering here: https://youradchoices.com/appchoices.

Our Website and App use third party cookies from Google Analytics for demographics and interest reporting. This feature gives us insight into behavior information relating to visitor general age range, gender and interests on an anonymous and aggregate level. This will help us to understand browsing behavior to give you a better experience while visiting our Website or App.

You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings Feature on Google. By clicking Ads Settings, you will be taken out of chipotle.com to a page on Google where you can control the information Google uses to show you ads. In addition, you can use Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.

Our Website and App also use Adobe Analytics to collect a hashed user ID when you sign in to the Website or App.  This user ID is stored in encrypted form and cannot be linked to you. We use this hashed user ID to track our users’ demographic information (such as the user’s general age range and gender) and their behavior while using the Website or App, such as how they interact with the Website/App, the time spent using the Website/App and when they click on the URL for the Website or open the App.

SAFEGUARDS AND RETENTION

We are committed to the protection of your personal information from unauthorized access or use. We will use reasonable organizational, physical, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with is no longer secure, please notify us by sending an email to privacy@chipotle.com. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.

We have record retention processes designed to retain personal information for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business requirements.

YOUR CHOICES

General.  You may withdraw your consent at any time to our collection, use and disclosure of your personal information by contacting our Privacy Officer at the address listed below, subject to any legal restrictions.  Please be aware, however, if you do withdraw your consent we may not be able to provide you with our products or services.  We will explain the impact to you at the time to help you with your decision.

E-mails. As indicated above, if you have signed-up to receive our email communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email. Please note that you will continue to receive transactional and account related service communications. Alternatively, you can opt-out of receiving our emails within the Personal and Preferences page of the App or Website if you have created an account with us or by contacting us at the contact information under “Contact Us” below.

Push Notifications. If you have opted-in to receive push notification on your device, you can opt-out at any time by adjusting the permissions in your Personal and Preferences page of the App, or the settings in your device.

Text Messages. For any Chipotle messaging program that you opt-in to or through our websites, you agree to receive messages to the mobile number used at the time of opt-in. You can opt-out of receiving text messages at any time by texting “STOP” in response to any text message you receive from us. Alternatively, you can opt-out of text message offers within the Personal and Preferences page of the App or Website if you have created an account with us or by contacting us at the contact information under “Contact Us” below.

To opt-out of interest-based advertising, see “Interest-Based Advertising” section above.

ACCESS TO PERSONAL INFORMATION

Subject to limited exceptions under applicable law, you may have the right to access, update and correct inaccuracies in your personal information in our custody and control. You may request access, updating and corrections of inaccuracies in your personal information in our custody or control by completing our Data Request Form found at www.chipotle.ca/datarequest, or emailing or writing to us at the contact information set out below. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to his or her personal information records.

UPDATES TO THE PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this page to ensure you are familiar with those changes. We will indicate at the top of this Privacy Policy when it was most recently updated.

CONTACT US

If you have any questions or comments about this Privacy Policy or the manner in which we or our service providers treat your personal information, or to request access to your personal information in our records, please complete our Data Request Form found at www.chipotle.ca/datarequest, contact our Privacy Officer at privacy@chipotle.com, or by regular mail at:

Chipotle Mexican Grill Canada Corp.
Attn: Privacy Officer
100 University Ave, 5th Floor
Toronto, ON
M5J 1V6