Chipotle -- Privacy Policy

 

CHIPOTLE’S PRIVACY POLICY

(LAST UPDATED FEBRUARY 8, 2020) 

This Privacy Policy describes how Chipotle Mexican Grill, Inc. and its subsidiaries and affiliates in Europe (“Chipotle”, “we”, “our”, “us”) may collect, use, and disclose personal information of visitors who access or interact with our mobile application (“App”) or our websites that link to this Privacy Policy, as well as other personal information about our customers.  The App, those websites, our restaurants, and our related service offerings are referred to in this Privacy Policy as our “Services.”

Collection of information

Information You Provide

When you visit or interact with the Services, Chipotle may obtain certain personal information from you, such as:

• Names, addresses, contact numbers, and email addresses;
• Date of birth and gender;
• Records of your orders and other transactions with us;
• Credit/debit card number(s) and account information, including associated billing address(es) and expiration date(s);
• Information provided via surveys, focus groups, and/or other marketing research efforts;
• Employer and/or other company affiliations (e.g., employer names, titles, work addresses, and other contact information);
• Job application information (e.g., resume, employment and educational history, references);
• Precise location;
• Other information described in the Information Collected Automatically section below (some of which is personal information).

We may also create inferences from this information or from other personal information we hold.

If you submit someone else’s personal information to us (e.g., someone else’s contact information), you represent that you are authorized to provide this information to us.

Information Collected Automatically

We may collect certain information about you automatically when you visit or use our online Services. This information may include your IP address, device identifier, browser characteristics, operating system details, language preference, referring URLs, length of visits, and pages viewed. We automatically collect this information using various tools and technologies such as cookies and web server logs. A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer, sometimes with a tag that identifies your computer. Many web browsers are set to accept cookies by default, but you may be able to set your browser to notify you before you receive a cookie, or to remove or reject cookies. Please note that disabling cookies may affect the availability and functionality of our online Services and other websites.

We may also use certain third-party web and mobile app analytics services – including but not limited to Google Analytics (opt out by installing Google Analytics’ opt-out browser add-on, and opt out of interest-based Google ads using Google’s Ads Settings), Twitter Analytics, and Facebook Custom Audiences – to help us understand and analyze how visitors use the online Services and serve ads on our behalf across the Internet. We’ve implemented Google Analytics Advertising features such as remarketing with analytics, interest-based advertising, demographics and interests reporting, user segment analysis, look-alike modeling and impression reporting. We and third-party vendors may use first-party cookies or other first-party identifiers as well as third-party cookies or other third-party identifiers to provide Chipotle with insight into behavior information relating to inferred visitor age, gender, and interests, and to deliver advertisements to you, create a profile of you, measure your interests, detect your demographics, detect your location, personalize content, and detect online behaviors such as site visitation, dwell time and actions taken. For more information on how the Google Marketing Platform uses the data collected through the online Services, visit: www.google.com/policies/privacy/partners/.

In addition to the automatic collection mechanisms listed above, we may also:

• As an advertising publisher, use Tags in connection with the Nielsen Digital Ad Ratings Service for Google Ad Manager (see Nielsen opt-out tools here and here);
• Through tracking technologies, receive and use Foursquare service user data, including search terms, what pages you view, your access times, the time you spend on each page, the IP address used to access the pages, and other user data (see Foursquare Privacy Policy); and
• Use Microsoft’s Bing Universal Event Tracking (UET) feature, in which case Microsoft collects your personal information (see Microsoft Privacy Statement).

To find out more about how third-party analytics services manage the privacy of information in conjunction with delivering ads online, and how to opt-out of information collection or certain uses by these networks generally, including some companies mentioned above, please visit: http://www.youradchoices.com, http://www.aboutads.info/appchoices, http://www.networkadvertising.org, or https://www.networkadvertising.org/mobile-choice. Please note that we are not responsible for the opt out process of third parties.

Depending on your personal device and App permission settings, when using the App, we may collect or have access to your:

• Precise geolocation. When enabled, this may allow the App to collect real-time information about the location of your device (GPS and network-based) to provide requested location services, ensure your orders are placed at the correct location, and to serve you relevant offers or promotions.
• Camera. When enabled, this may allow the App to access the camera to scan and input payment method details.
• Wi-Fi connection information. When enabled, this may allow the App to view Wi-Fi connections.
• Other. The App will send and receive data to and from the Internet, and may view network connections, have full network access, control vibration of your device, or prevent your device from sleeping.

You may be able to enable or disable location tracking by the App by adjusting the permissions in your account or device settings. Be aware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to Wi-Fi, Bluetooth, beacons, or our networks) may persist. Enabling location tracking may allow the App to track your location in the background, which can decrease battery life.

We will store personal information we obtain for no longer than is necessary to achieve the purposes for which the information was collected, or as otherwise required or permitted under applicable law.

Note that for information we collect via Apple services (e.g., iOS), we will obtain your consent before sharing your personal information with third parties for those third parties’ direct marketing purposes.

Information Collected From Third Parties

We may receive personal information from other companies in our corporate family.  Third-party service providers may share with us your personal information that you submit to them. For example, if you apply for a job using the career portal, order food or catering, order gift cards, make a purchase for merchandise, make a payment through the Services, or provide feedback on your experiences, you may submit personal information to one or more third parties that may share your information with us. Additionally, for certain features of the online Services, you may log in through your third-party social media account or share content from the online Services through third-party social media platforms. We may combine information that we have about you with information we obtain from third parties. When you submit information to a third party, you are subject to that third party’s terms of use and privacy policies, for which we are not responsible.

Use of Information

We may use personal information we obtain about you to:

• facilitate and personalize your user experience and improve the Services;
• conduct statistical analysis of the content, layout, and features of the Services for our marketing purposes;
• communicate with you regarding our restaurants and other Services;
• respond to your requests or inquiries;
• register you for accounts on the Services;
• register you for our email and postal mailing lists or for promotions or offers conducted in connection with the Services;
• process payment information for online food orders or online purchases through our merchandise or gift card store;
• respond to job inquiries and job applications submitted by you;
• process your fundraiser applications;
• send marketing information to you, such as promotional offers or information about new product offerings, programs, or restaurant openings;
• provide location services;
• prevent, investigate, identify, stop, or take any other action with regard to suspected or actual fraudulent or illegal activity, or any activity that violates our policies; or
• for any other purpose, with your consent where appropriate.

SHARING OF INFORMATION

We may share your personal information with our third-party service providers for a variety of reasons, such as fulfilling orders, assisting with promotions, performing website analytics, delivering relevant marketing messages and advertisements, providing technical services, and otherwise carrying out any of the uses and disclosures described in this Privacy Policy. We generally require our service providers to provide at least the same or equal protection of user data as stated in this Privacy Policy.

Some of the third-party service providers (for example, those mentioned in the “Information Collected Automatically” Section above) may view, edit, or set their own tracking technologies/cookies.

We may also publicly post on our online Services certain user-generated content you submit to us.

In the event of a business transaction, such as if we sell or transfer all or a portion of our business or assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction, including negotiations of such transactions), we reserve the right to disclose any information we obtain through the Services. You acknowledge that such transfers may occur and are permitted by this Privacy Policy.  To the extent legally permitted, the acquiring party may use the information pursuant to their own privacy policy instead of this one.

We may also disclose personal information when required by subpoena, search warrant, or other legal processes, or in response to activities that are unlawful or a violation of Chipotle’s rules for use of the Services, or to protect and defend the rights or property of Chipotle or others.

LEGAL BASIS FOR PROCESSING

Our legal grounds for processing personal information are as follows:

• Legitimate interests: In many cases, we handle personal information on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
  • Provision of our Services;
  •  Customer support;
  • Non-marketing communication, and some marketing communication;
  • Protecting our customers, personnel and others; and
  • Analyzing and improving our business.

We may also process personal information for the same legitimate interests of business partners and organizations with whom we work.

• Consent: Where required by law, and in some other cases, we process personal information on the basis of consent. For example, we may send certain marketing emails to individuals who have requested them.
• To honor our contractual commitments to an individual: Some of our processing of personal information is done to meet our contractual obligations to the individuals to whom the personal information relates, or to take steps at their request in anticipation of entering into a contract with them. For example, when an individual places an order, we can process their payment information on this basis.
• Legal compliance: We need to use and disclose personal information in certain ways to comply with our legal obligations.

CHILDREN’s PRIVACY

The online Services are not intended for, and are not intentionally targeted to, children under 16, and we do not knowingly request or collect personal information from any person under 16 years of age through the online Services. If we learn that we have received personal information through any online or offline channel regarding a child under circumstances where the law requires deletion of the information, we will delete it.

YOUR CHOICES

If at any time you want to update certain personal information we have about you, or if you wish to change certain preferences (including certain communication preferences), you may do so by (1) logging into your registered website or App account and changing your account settings (including location tracking), or (2) contacting us as described at the end of this Privacy Policy.

You also can make certain choices by using the options described in the “Information Collected Automatically” section above.  If you no longer wish to provide us information through the App, you may uninstall the App from your device.

We use cookies to provide you a customized experience both within our website and through our various advertising materials. If you would like to delete cookies or change the settings on your web browser to delete or refuse cookies, please visit the Help pages of your web browser:

• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
• Safari: https://support.apple.com/en-ph/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Please keep in mind that if you delete cookies or refuse to accept them, you might not be able to use all of the features on our website, you may not be able to store your preferences, and some of our pages may not display properly.

Individuals in the European Union and some other jurisdictions (including the UK, regardless of Brexit status) have certain additional legal rights to do the following with personal information we handle:

• obtain confirmation of whether we hold personal information about them, and receive information about how it is used and disclosed;
• obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it be transmitted to a third party in such form;
• update, correct or delete the information;
• object to the use or disclosure of the information;
• withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information); and
• obtain a restriction on the use of the information.

For example, individuals whose personal information is subject to the General Data Protection Regulation (GDPR) have a right to opt out of our handling of their personal information for direct marketing purposes.

Many of the rights described above are subject to limitations or exceptions under applicable law.

If you wish to exercise any of these rights, or raise a complaint on how we have handled your personal information, please contact us as described at the end of this Privacy Policy. Individuals also have a right to file a complaint with the relevant supervisory authority, but we invite you to kindly first give us an opportunity to address your concern. 

SECURITY

We use various security measures as part of an effort to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission and storage are not completely secure (whether online or offline) and we cannot guarantee the security of your information.

INTERNATIONAL DATA TRANSFER

Some of the recipients of personal information described in this Privacy Policy are located in the United States or in other countries with data protection laws that the European Commission has not recognized as providing an adequate level of privacy protection.  However, this Privacy Policy will continue to apply to personal information collected under this Privacy Policy when it is held by any member of the Chipotle corporate family or by any third-party processor that has been engaged by any Chipotle entity, regardless of location.

LINKS TO OTHER WEBSITES AND SERVICES

The Services may offer links to websites and other services that are not maintained by Chipotle. By visiting one of these linked websites or services, you are subject to their privacy and other policies. We are not responsible for, or able to monitor or control, the policies and practices of other companies.

CHANGES TO CHIPOTLE’S PRIVACY POLICY

From time to time, Chipotle may change this Privacy Policy. Changes will be indicated by the “Last Updated” date at the top of this page.

CONTACT US

For questions about this Privacy Policy, you may contact us at privacy@chipotle.com or:

Chipotle Europe

83 Baker Street

Marylebone, London

W1U 6AG