CHIPOTLE’S PRIVACY POLICY


(LAST UPDATED MAY 1, 2021)

Chipotle Mexican Grill Canada Corp. (“Chipotle”) values and respects your privacy. We have prepared this privacy policy to describe our personal information practices when you access or interact with our mobile application (“App”) or our websites that link to this Privacy Policy (“Websites”), as well as offline locations (such as our restaurants) and other interactions with us.  The App, those websites, our restaurants, and our related service offerings are referred to in this Privacy Policy as our “Services.”

TABLE OF CONTENTS

·      Collection and Use of Personal Information

·      Sharing of Personal Information

·      Information about our Website

·      Interest-Based Advertising

·      Safeguards and Retention

·      Your Choices

·      Access to Information

·      Updates to the Privacy Policy

·      Contact Us

 

COLLECTION AND USE OF PERSONAL INFORMATION

For the purposes of this policy, “personal information” means any information about an identifiable individual including, without limitation, your name, address, telephone number, and email address. We collect and use your personal information when you:

·      Visit one of our restaurants

·      Order through our Website or App

·      Participate in our Chipotle Community Fundraising Program

·      Sign-up to receive our marketing communications

·      Enter a contest or participate in a promotion

·      Apply for a job with us

·      Contact Us with a comment, question or complaint

·      Use the Find a Location feature on our Website or App

·      Restaurant Purchases: You do not have to provide us with any personal information when you pay using cash at one of our restaurants. If you use a credit or debit card, we collect your debit or credit card-related information and your signature to process and administer your payment. We may also use video surveillance in our restaurants for loss prevention and security purposes. If you order catering through a local restaurant, we also collect the delivery address.

·      Ordering Online: If you place an order through our Website or app, you will be asked to provide your first and last name, email address, phone number, and payment card information (as well as accessibility preference for pick-up orders). If you choose to create an account to save your favourites, order faster and place group orders (for example, by choosing to save your credit card information to your account), we also collect a password that you create. If you place a Group Order, we will collect the information above from each participant in the Group Order. We may also offer you the ability to order through a third-party food delivery service, in which case we obtain your information from the third party in order to fulfil your order. If you purchase an e-gift card for a friend or family member, we collect the name and email address for the recipient in order to deliver an email containing your e-gift card on your behalf. We do not use the recipient’s information for any other purpose.

·      The Chipotle Community Fundraising Program: We also collect personal information if you choose to participate in our Chipotle Community Fundraising Program, which allows organizations to apply to raise money for a particular fundraiser. Customers are offered the opportunity to round up their purchase to the nearest dollar and have Chipotle donate the excess amount to the chosen fundraiser. You may apply for the Chipotle Community Fundraising Program by filling out an application on our Website.  When you submit an application, you will be asked to enter certain information such as your first and last name, phone number, email address and details about your fundraiser (fundraiser name, the type of fundraiser, and local restaurant). We use this information to communicate with you about your fundraiser application. If you invite friends or family members to participate in your fundraiser, we also collect your friends or family members’ email addresses so that we can send them a team code via email on your behalf. We do not use your friends’ email address for any other purpose without their consent. Please ensure you only provide the email addresses of friends and family members who would want to receive the fundraising email.

·      Sign-up to receive our updates or offers: If you subscribe to our marketing email list or sign up to receive updates and offers via text, we collect your name, email address and/or mobile phone number and use this information to send you relevant information, offers and promotions based on your interests, general location (based on postal code or phone number), favourite stores and purchase history. If you no longer wish to receive these communications, you can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of our emails, or by texting STOP in response to a text message sent by us. Alternatively, you can opt-out of receiving our email newsletter or from receiving text message offers by contacting us at the contact information under “Contact Us” below. Please note that you may continue to receive certain transactional or account-related communications from us, such as your receipt or online order confirmation.

·      Push Notifications: If you sign-up to receive push notifications, we will send push notifications to your mobile device with updates about your orders, and special offers. If you wish to stop receiving push notifications from us, you can turn off push notifications for the App either within the Preferences page of the App, or in the settings of your mobile device.

·      Contests and Promotions: If you enter a contest or participate in a promotion, we may collect your name, address, email address, phone number, and any additional information or content required for the contest or promotion (such as information you post on social media). We use this information to administer your participation in the contest or promotion, including prize fulfillment. As part of a contest or promotion, we may obtain your consent to share or otherwise publish the content you submit.

·      Careers: If you apply for a job with us, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials.  We use this information for the purpose of processing and responding to your application for current and future career opportunities and assessing your suitability for employment. For more information, see our Applicant Privacy Policy.

·      Contact Us: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment.  We may retain this information to assist you in the future and to improve our customer service and service offerings.

·      Find a Location: If you search for a restaurant on our Website or in the App, we collect your postal code or city and province, or, if you choose to provide it, your device’s precise geolocation, in order to provide you with information on nearby restaurants.

 

SHARING OF PERSONAL INFORMATION

We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.

·      Service Providers: Your personal information may be transferred (or otherwise made available) to third parties or affiliates that provide services on our behalf. We use service providers to provide services such as delivery services, analytics marketing and advertising services, payment processing services, other types of business support for our transactions (such as or accounting services), and technical services (e.g., data storage and customer relationship management databases). Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes. Our service providers may be located in the U.S., Canada or other foreign jurisdictions.

·      Legal and Compliance: We and our Canadian, US and other foreign affiliates and service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by US or foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.

·      Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Chipotle or as part of a corporate reorganization or other change in corporate control.

·      Contests and Promotions: Our contests and promotions may be jointly sponsored or offered by other parties. When you enter a promotion or contest, we may share information as described to you at the time you enter the contest or promotion, including as required by law (e.g., on a winners list).

We may share non-identifiable information (including information that has been aggregated or de-identified).

 

INFORMATION ABOUT OUR WEBSITE AND APP

·      Visiting our Website:  In general, you can visit our Website without telling us who you are or submitting any personal information. However, we collect information about the computer or device you use to access our website or one of our mobile applications, including operating system, IP (Internet protocol) address, mobile device identification number, MAC address, device identifiers, the make and model of your device, its operating system, information about the screen size, page requests, browser type, average time spent on our Website or app and date and time of your use. We use this information to determine which settings are appropriate for your computer or device, to provide or enhance digital functionality, to help us understand our Website and app activity and to monitor and improve our Services, including our Website and app.

·      Location Data: If you choose to use a location-based service, such as locating a restaurant near you, you may also provide us, through your phone, with permission to track your device location in order to provide you with the services you request. You can opt-out of sharing location data with us at any time by turning off location data in your device settings or the location setting within the app.

·      Cookies and other Tracking Technologies:  Our Website uses "cookies", pixels and other types of tracking technologies including to better understand and analyze information about the use of our Website and provide you with relevant advertising. For more information on our use of these technologies and your choices, please see our Cookie Policy.   

·      App Usage Information & Analytics: As with many applications, certain limited data is required for the App to function on your device. This data includes the type of device hardware and operating system, unique device identifier, IP address, language settings, and the date and time the App accesses our servers. We use this information to help us understand the activity on our App, to monitor and improve our App, and to tailor your in-App experience. In addition, we may use third party service providers to collect analytical information about your use of the App, such as the App features used and time spent on the App, to help us tailor your in-app experience, improve our products and the quality of our App, and to manage and analyze data in order to better understand our users.

·      Third Party Links:  Our Website may contain links to other websites that Chipotle does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy of every website you visit.

 

SAFEGUARDS AND RETENTION

We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.

We have record retention processes designed to retain personal information for no longer than necessary for the purposes set out herein or as otherwise required to meet legal or business requirements.

 

YOUR CHOICES

E-mails. As indicated above, if you have signed-up to receive our email communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the newsletter. Please note that you will continue to receive transactional and account related communications. Alternatively, you can opt-out of receiving our email marketing communications by contacting us at the contact information under “Contact Us” below

Push Notifications. If you have opted-in to receive push notification on your device, you can opt-out at any time by adjusting the permissions in your Preferences page of the App, or the settings in your device.

Text Messages. For any Chipotle messaging program that you opt-in to or through our websites, you agree to receive messages to the mobile number used at the time of opt-in. You can opt-out of receiving text messages at any time by texting “STOP” in response to any text message you receive from us.

To opt-out of interest-based advertising, see “Interest-Based Advertising” section above.

 

ACCESS TO INFORMATION

Subject to limited exceptions under applicable law, you have the right to access, update and correct inaccuracies in your personal information in our custody and control. You may request access, updating and corrections of inaccuracies in your personal information in our custody or control by emailing or writing to us at the contact information set out below. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to his or her personal information records.

 

UPDATES TO THE PRIVACY POLICY

We may update this privacy policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this page to ensure you are familiar with those changes. We will indicate at the top of this privacy policy when it was most recently updated.

 

CONTACT US

If you have any questions or comments about this privacy policy or the manner in which we or our service providers treat your personal information, or to request access to your personal information in our records, please contact our Privacy Officer at privacy@chipotle.com or by regular mail at:

Chipotle Mexican Grill Canada Corp.
Attn: Ami Rodrigues, Privacy Officer
privacy@chipotle.com
900-1959 Upper Water St.,
Halifax NS B3J 2X2
Canada