This Privacy Policy describes how Chipotle Mexican Grill, Inc. and its subsidiaries and affiliates in Europe (“Chipotle”, “we”, “our”, “us”) may collect, use, and disclose personal information of visitors who access or interact with our mobile application (“App”) or our websites that link to this Privacy Policy, as well as other personal information about our customers. The App, those websites, our restaurants, and our related service offerings are referred to in this Privacy Policy as our “Services.”
Collection of information
When you visit or interact with the Services, Chipotle may obtain certain personal information from you, such as:
We may also create inferences from this information or from other personal information we hold.
If you submit someone else’s personal information to us (e.g., someone else’s contact information), you represent that you are authorized to provide this information to us.
Information Collected Automatically
We may collect certain information about you automatically when you visit or use our online Services. This information may include your IP address, device identifier, browser characteristics, operating system details, language preference, referring URLs, length of visits, and pages viewed. We automatically collect this information using various tools and technologies such as cookies and web server logs. A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer, sometimes with a tag that identifies your computer. Many web browsers are set to accept cookies by default, but you may be able to set your browser to notify you before you receive a cookie, or to remove or reject cookies. Please note that disabling cookies may affect the availability and functionality of our online Services and other websites.
We may also use certain third-party web and mobile app analytics services – including but not limited to Google Analytics (opt out by installing Google Analytics’ opt-out browser add-on, and opt out of interest-based Google ads using Google’s Ads Settings), Twitter Analytics, and Facebook Custom Audiences – to help us understand and analyze how visitors use the online Services and serve ads on our behalf across the Internet. We’ve implemented Google Analytics Advertising features such as remarketing with analytics, interest-based advertising, demographics and interests reporting, user segment analysis, look-alike modeling and impression reporting. We and third-party vendors may use first-party cookies or other first-party identifiers as well as third-party cookies or other third-party identifiers to provide Chipotle with insight into behavior information relating to inferred visitor age, gender, and interests, and to deliver advertisements to you, create a profile of you, measure your interests, detect your demographics, detect your location, personalize content, and detect online behaviors such as site visitation, dwell time and actions taken. For more information on how the Google Marketing Platform uses the data collected through the online Services, visit: www.google.com/policies/privacy/partners/.
In addition to the automatic collection mechanisms listed above, we may also:
To find out more about how third-party analytics services manage the privacy of information in conjunction with delivering ads online, and how to opt-out of information collection or certain uses by these networks generally, including some companies mentioned above, please visit: http://www.youradchoices.com, http://www.aboutads.info/appchoices, http://www.networkadvertising.org, or https://www.networkadvertising.org/mobile-choice. Please note that we are not responsible for the opt out process of third parties.
Depending on your personal device and App permission settings, when using the App, we may collect or have access to your:
You may be able to enable or disable location tracking by the App by adjusting the permissions in your account or device settings. Be aware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to Wi-Fi, Bluetooth, beacons, or our networks) may persist. Enabling location tracking may allow the App to track your location in the background, which can decrease battery life.
We will store personal information we obtain for no longer than is necessary to achieve the purposes for which the information was collected, or as otherwise required or permitted under applicable law.
Note that for information we collect via Apple services (e.g., iOS), we will obtain your consent before sharing your personal information with third parties for those third parties’ direct marketing purposes.
Information Collected From Third Parties
We may receive personal information from other companies in our corporate family. Third-party service providers may share with us your personal information that you submit to them. For example, if you apply for a job using the career portal, order food or catering, order gift cards, make a purchase for merchandise, make a payment through the Services, or provide feedback on your experiences, you may submit personal information to one or more third parties that may share your information with us. Additionally, for certain features of the online Services, you may log in through your third-party social media account or share content from the online Services through third-party social media platforms. We may combine information that we have about you with information we obtain from third parties. When you submit information to a third party, you are subject to that third party’s terms of use and privacy policies, for which we are not responsible.
Use of Information
We may use personal information we obtain about you to:
SHARING OF INFORMATION
We may share your personal information with our third-party service providers for a variety of reasons, such as fulfilling orders, assisting with promotions, performing website analytics, delivering relevant marketing messages and advertisements, providing technical services, and otherwise carrying out any of the uses and disclosures described in this Privacy Policy. We generally require our service providers to provide at least the same or equal protection of user data as stated in this Privacy Policy.
Some of the third-party service providers (for example, those mentioned in the “Information Collected Automatically” Section above) may view, edit, or set their own tracking technologies/cookies.
We may also publicly post on our online Services certain user-generated content you submit to us.
In the event of a business transaction, such as if we sell or transfer all or a portion of our business or assets (e.g., further to a merger, reorganization, liquidation, or any other business transaction, including negotiations of such transactions), we reserve the right to disclose any information we obtain through the Services. You acknowledge that such transfers may occur and are permitted by this Privacy Policy. To the extent legally permitted, the acquiring party may use the information pursuant to their own privacy policy instead of this one.
We may also disclose personal information when required by subpoena, search warrant, or other legal processes, or in response to activities that are unlawful or a violation of Chipotle’s rules for use of the Services, or to protect and defend the rights or property of Chipotle or others.
LEGAL BASIS FOR PROCESSING
Our legal grounds for processing personal information are as follows:
We may also process personal information for the same legitimate interests of business partners and organizations with whom we work.
CHILDREN’s PRIVACY
The online Services are not intended for, and are not intentionally targeted to, children under 16, and we do not knowingly request or collect personal information from any person under 16 years of age through the online Services. If we learn that we have received personal information through any online or offline channel regarding a child under circumstances where the law requires deletion of the information, we will delete it.
YOUR CHOICES
If at any time you want to update certain personal information we have about you, or if you wish to change certain preferences (including certain communication preferences), you may do so by (1) logging into your registered website or App account and changing your account settings (including location tracking), or (2) contacting us as described at the end of this Privacy Policy.
You also can make certain choices by using the options described in the “Information Collected Automatically” section above. If you no longer wish to provide us information through the App, you may uninstall the App from your device.
We use cookies to provide you a customized experience both within our website and through our various advertising materials. If you would like to delete cookies or change the settings on your web browser to delete or refuse cookies, please visit the Help pages of your web browser:
Please keep in mind that if you delete cookies or refuse to accept them, you might not be able to use all of the features on our website, you may not be able to store your preferences, and some of our pages may not display properly.
Individuals in the European Union and some other jurisdictions (including the UK, regardless of Brexit status) have certain additional legal rights to do the following with personal information we handle:
For example, individuals whose personal information is subject to the General Data Protection Regulation (GDPR) have a right to opt out of our handling of their personal information for direct marketing purposes.
Many of the rights described above are subject to limitations or exceptions under applicable law.
If you wish to exercise any of these rights, or raise a complaint on how we have handled your personal information, please contact us as described at the end of this Privacy Policy. Individuals also have a right to file a complaint with the relevant supervisory authority, but we invite you to kindly first give us an opportunity to address your concern.
SECURITY
We use various security measures as part of an effort to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission and storage are not completely secure (whether online or offline) and we cannot guarantee the security of your information.
INTERNATIONAL DATA TRANSFER
Some of the recipients of personal information described in this Privacy Policy are located in the United States or in other countries with data protection laws that the European Commission has not recognized as providing an adequate level of privacy protection. However, this Privacy Policy will continue to apply to personal information collected under this Privacy Policy when it is held by any member of the Chipotle corporate family or by any third-party processor that has been engaged by any Chipotle entity, regardless of location.
LINKS TO OTHER WEBSITES AND SERVICES
The Services may offer links to websites and other services that are not maintained by Chipotle. By visiting one of these linked websites or services, you are subject to their privacy and other policies. We are not responsible for, or able to monitor or control, the policies and practices of other companies.
CHANGES TO CHIPOTLE’S PRIVACY POLICY
From time to time, Chipotle may change this Privacy Policy. Changes will be indicated by the “Last Updated” date at the top of this page.
CONTACT US
For questions about this Privacy Policy, you may contact us at privacy@chipotle.com or:
Chipotle Europe
83 Baker Street
Marylebone, London
W1U 6AG