INFORMATION YOU PROVIDE
When you visit or interact with the Services, Chipotle may obtain certain personal information from you, such as:
· Names, addresses, contact numbers, and email addresses;
· Date of birth and gender;
· Records of your orders and other transactions with us;
· Credit/debit card number(s) and account information, including associated billing address(es) and expiration date(s);
· Information provided via surveys, focus groups, and/or other marketing research efforts;
· Employer and/or other company affiliations (e.g., employer names, titles, work addresses, and other contact information);
· Job application information (e.g., resume, employment and educational history, references);
· Precise location;
· Other information described in the Information Collected Automatically section below (some of which is personal information).
We may also create inferences from this information or from other personal information we hold.
If you submit someone else’s personal information to us (e.g., someone else’s contact information), you represent that you are authorized to provide this information to us.
We may collect certain information about you automatically when you visit or use our online Services. This information may include your IP address, device identifier, browser characteristics, operating system details, language preference, referring URLs, length of visits, and pages viewed. We automatically collect this information using various tools and technologies such as cookies and web server logs. A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer, sometimes with a tag that identifies your computer. Many web browsers are set to accept cookies by default, but you may be able to set your browser to notify you before you receive a cookie, or to remove or reject cookies. Please note that disabling cookies may affect the availability and functionality of our online Services and other websites.
We may also use certain third-party web and mobile app analytics services – including but not limited to Google Analytics (opt out by installing Google Analytics’ opt-out browser add-on, and opt out of interest-based Google ads using Google’s Ads Settings), Twitter Analytics, and Facebook Custom Audiences – to help us understand and analyze how visitors use the online Services and serve ads on our behalf across the Internet. We’ve implemented Google Analytics Advertising features such as remarketing with analytics, interest-based advertising, demographics and interests reporting, user segment analysis, look-alike modeling and impression reporting. We and third-party vendors may use first-party cookies or other first-party identifiers as well as third-party cookies or other third-party identifiers to provide Chipotle with insight into behavior information relating to inferred visitor age, gender, and interests, and to deliver advertisements to you, create a profile of you, measure your interests, detect your demographics, detect your location, personalize content, and detect online behaviors such as site visitation, dwell time and actions taken. For more information on how the Google Marketing Platform uses the data collected through the online Services, visit: www.google.com/policies/privacy/partners/.
In addition to the automatic collection mechanisms listed above, we may also:
· Use Microsoft’s Bing Universal Event Tracking (UET) feature, in which case Microsoft collects your personal information (see Microsoft Privacy Statement).
To find out more about how third-party analytics services manage the privacy of information in conjunction with delivering ads online, and how to opt-out of information collection or certain uses by these networks generally, including some companies mentioned above, please visit: http://www.youradchoices.com, http://www.aboutads.info/appchoices, http://www.networkadvertising.org, or https://www.networkadvertising.org/mobile-choice. Please note that we are not responsible for the opt out process of third parties.
You may be able to enable or disable location tracking by the App by adjusting the permissions in your account or device settings. Be aware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to Wi-Fi, Bluetooth, beacons, or our networks) may persist. Enabling location tracking may allow the App to track your location in the background, which can decrease battery life.
We will store personal information we obtain for no longer than is necessary to achieve the purposes for which the information was collected, or as otherwise required or permitted under applicable law.
Note that for information we collect via Apple services (e.g., iOS), we will obtain your consent before sharing your personal information with third parties for those third parties’ direct marketing purposes.
Information Collected From Third Parties
USE OF INFORMATION
We may use personal information we obtain about you to:
SHARING OF INFORMATION
Some of the third-party service providers (for example, those mentioned in the “Information Collected Automatically” section above) may view, edit, or set their own tracking technologies/cookies.
We may also publicly post on our online Services certain user-generated content you submit to us.
We may also disclose personal information when required by subpoena, search warrant, or other legal processes, or in response to activities that are unlawful or a violation of Chipotle’s rules for use of the Services, or to protect and defend the rights or property of Chipotle or others.
The online Services are not intended for, and are not intentionally targeted to, children under 13, and we do not knowingly request or collect personal information from any person under 13 years of age through the Services. If we learn that the online Services have received personal information directly from a child who is under the age of 13, we will delete the information in accordance with applicable law.
You also can make certain choices by using the options described in the “Information Collected Automatically” section above. If you no longer wish to provide us information through the App, you may uninstall the App from your device.
Please keep in mind that if you delete cookies or refuse to accept them, you might not be able to use all of the features on our website, you may not be able to store your preferences, and some of our pages may not display properly.
Individuals in Canada have certain legal rights to do the following with personal information we handle:
We use various security measures as part of an effort to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Nevertheless, transmission and storage are not completely secure (whether online or offline) and we cannot guarantee the security of your information.
INTERNATIONAL DATA TRANSFER
NOTICE TO CALIFORNIA RESIDENTS
To make a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident, and provide your current California address, to which we will send our response. Your inquiry must specify “California Privacy Rights Request” in the subject line of the email or the first line of the letter, and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one such request per individual each year.
The following section provides detailed information applicable only to California residents under the California Consumer Privacy Act (CCPA), including details on those individuals’ rights and choices under the CCPA.
Collection, Use and Disclosure of California Personal Information
Right to Information: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months:
Right to Access: Subject to certain exceptions, you have the right to request that we provide to you a copy of the specific pieces of information we collected about you in the 12 months preceding your request.
Right to Delete: You have the right to request that we delete, the personal information about you that we collected and retained, unless an exemption applies. For example, we may deny your deletion request should the information be necessary for us or our service providers to:
While you have the right to make a deletion request at any time, kindly note that processing this right would cause you may lose any promotional offers provided as a result of maintaining a Chipotle Rewards account with us. This may include any benefit provided through the exclusive use of Rewards account, like any accrued points, prizes, and promotional coupons.
If you would like to submit a request for information, access or deletion, you may:
Verified Request: Only you, or someone authorized to act on your behalf, may make a verifiable request related to your personal information. You may also make a verifiable request on behalf of your minor child.
You may only make a verifiable request for access twice within a 12-month period. The verifiable request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us.
Extension: Chipotle will make an effort to fulfill verified requests within 45 days of receipt. However, the period for responding to your verified request may be extended, based on the complexity and the number of requests received. If this extension is required, Chipotle will communicate the extension and the reason(s) for the delay within 45 days of receiving the request.
Right to Opt Out of “Sale” Under the CCPA: You have the right to direct us not to “sell” your personal information as that term is defined under the CCPA (“opt-out”). We do not “sell” personal information if we have actual knowledge that the consumer is less than 16 years of age, unless we receive affirmative authorization (“opt-in”) from either the consumer between 13 and 15 years of age, or the parent or guardian of a consumer less than 13 years of age.
If you prefer that we not “sell” your personal information you may:
Because our use of third-party services identified in the “Information Collected Automatically” section above may constitute a “sale” under the CCPA, we also encourage you to also exercise all of the choices available there from every browser that you use to access our websites. We cannot provide a guarantee about how the third parties will respond to such to such actions.
Nondiscrimination: You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.
LINKS TO OTHER WEBSITES AND SERVICES
The Services may offer links to websites and other services that are not maintained by Chipotle. By visiting one of these linked websites or services, you are subject to their privacy and other policies. We are not responsible for, or able to monitor or control, the policies and practices of other companies.
Attn: Privacy Officer
Chipotle Mexican Grill, Inc.
610 Newport Center Dr.
Newport Beach, CA 92660