Burger King Privacy IE

 

Last revised 9th June 2020

Privacy Notice Highlights

This summary provides the highlights of our Privacy Notice, but please click the full Privacy Notice to review the Privacy Notice in full.

This privacy notice describes the personal data we, Burger King Europe GmbH (Inwilerriedstrasse 61 6340 Baar, Switzerland), collect, how it is used and shared, and what rights you have in this regard (“Privacy Notice”). The Privacy Notice applies to any personal data collected about you by Burger King Europe GmbH when you visit our website (https://www.whopper.ie/) or use our mobile or tablet application (collectively, the “Services”).

Personal Data We Collect and Process
We collect and process various types of personal data about you in connection with the Services. The personal data we collect and process about you are usually restricted to personal data you provide to us directly for one of the following reasons:

  • You register or create an account with us on our mobile or tablet application
  • You make an application on our website
  • You subscribe to our email newsletter
  • You subscribe to our Wifi/website
  • You provide feedback to us on our website
  • You make a group booking on our website

In addition, we may collect personal data about you through your use of our Services.

Section 2 of the full Privacy Notice provides additional information about the information we collect and process.


How And On Which Legal Basis We Use Personal Data

We use the personal data we collect particularly to:

  • Authenticate and identify you for the purpose of communication
  • Communicate with you about our products, services, and promotions
  • Respond to your inquiries
  • Deliver targeted advertising, promotions, and offers
  • Develop and improve our Services, customer service, promotions, and products
  • Process payments
  • Deliver our products to you
  • Offer and carry out our loyalty program
  • Process your application

We will process your personal data on the legal basis of :

  • The performance of the contract or at your request processing prior to entering into contract
  • Compliance with legal obligations
  • Legitimate interests
  • Your consent

Section 3 of the full Privacy Notice provides additional information about how and on which legal basis we use personal data.

Personal Data Retention Time

We will keep your personal data for as long as it is needed to fulfil the purposes for which it was collected and in order to comply with legal or regulatory requirements. Section 4 of the full Privacy Notice provides additional information about how long we store your personal data.

Sharing of Personal Data

We may share your personal data with:

  • Business partners who carry out the services you requested (e.g. sponsors)
  • Service providers that provide services on our behalf (e.g. IT service providers, delivery services, hosting vendors, advertising service providers, data analytics companies, marketing service companies, and list managers)
  • Other parties when required or permitted by law, as necessary to protect our users, or in connection with a corporate transaction.

We may provide aggregated personal data, and data with personal identifiers removed, to third parties to describe how our customers are using the Services. We also may share personal data about you with third parties whenever you consent to or direct such sharing.

Section 5 of the full Privacy Notice provides additional information about how and with whom we share personal data.

Online Advertising and Cookies

We and other companies that provide advertising and other services on our Services may use cookies, web beacons, do-not-track signals, and similar technologies to improve and customize your advertisements and your experience using our Services.

Section 6 of the full Privacy Notice provides additional information about our collection of information through these technologies.

Privacy, Access Choices and Rights Available To You

Under data protection law, you have rights we need to make you aware of. For example, you may block cookies and similar technologies, opt out of receiving certain targeting advertising, and opt out of receiving commercial communications. You have also the right to request access to your personal data, the right to rectification of inaccurate personal data, the right to deletion of your personal data (under certain circumstances), the right to limit the processing of your personal data (under certain circumstances), the right to data portability, the right to object to the processing of your personal data (in certain circumstances), the right to withdraw your consent for data processing and the right to lodge a complaint with a supervisory authority.

Section 7 and 8 of the full Privacy Notice provide more information about your rights and how to manage the privacy and access choices available to you.

Data Security and Other Important Information

We have in place certain procedures to protect your personal data in our custody and control.

Section 9 and 10 of the full Privacy Notice provide additional important information about our data security practices, links to third party sites, children’s privacy, and international transfers of personal data.

Privacy Notice

This Privacy Notice describes the personal data we, Burger King Europe GmbH (Inwilerriedstrasse 61 6340 Baar, Switzerland), collect, how it is used and shared, and what rights you have in this regard. The Privacy Notice applies to any personal data collected about you by Burger King Europe GmbH when you visit our website (https://www.whopper.ie/) or use our mobile or tablet application (collectively, the “Services”).

1. Data Controller and Data Protection Officer Contact Details
Your personal data provided is processed by the following Data Controller:
Burger King Europe GmbH
Inwilerriedstrasse 61
6340 Baar
Switzerland

In case of any questions or concerns, please contact our Data Protection Officer using the details below:
Via email: BKIrelandDPO@rbi.com

2. Personal Data We Collect and Process

We collect and process various types of personal data about you in connection with the Services. The personal data we collect and process about you are usually restricted to the personal data you provide to us directly or through your use of our Services.

Data you provide to us. We collect personal data you give us when you use the Services. Usually, you provide us with your personal data for one of the following reasons:

  • You register or create an account with us on our mobile or tablet application
  • You make an application on our website
  • You subscribe to our email newsletter
  • You subscribe to our Wifi/website
  • You provide feedback to us on our website
  • You make a group booking on our website

For example, when you visit one of our Services, create an account with us, or participate in a survey or promotion, we may ask for information such as your name, e-mail address, postal address, mobile phone number, or password (hashed, not in plain text & irreversible) so that we can provide our Services to you and fulfill your inquiries. We may collect payment information, such as payment method, your credit card number, security code and expiration date, to process a financial transaction you have requested. We also may collect information about your orders and the products you buy, such as allergies and dietary preferences, as well as redemptions and where and how frequently you buy our products, your use of coupons and stored-value cards, and the rewards you earn through our loyalty programs so that we can learn more about your interests and better serve you.

You are not obliged to provide your personal data to us (neither statutorily nor contractually). However, if you decide not to provide your personal data, we may not be able to (fully) provide our Services to you or to fulfill your inquiries.

Data about your use of the services. In addition to the personal data you provide to us directly, we may collect personal data about your use of the Services. For example, we may collect:

  • Device information — such as your hardware model, IP address, other unique device identifiers, operating system version, and settings of the device you use to access the Services.
  • Usage information — such as information about the Services you use, the time and duration of your use of the Services and other information about your interaction with content offered through a Service, and any information stored in cookies and similar technologies that we have set on your device.
  • Location information — such as your computer’s IP address, your mobile device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us when you use the Services.

Data from third-party sources. We may receive information about you from publicly and commercially available sources, as permitted by law, which we may combine with other information we receive from or about you. For example, we may receive personal data about you from a social media site if you connect to the Services through that site.

 

3. How And On Which Legal Basis We Use Personal Data

We use the personal data we collect particularly to:

  • Authenticate and identify you for the purpose of communication
  • Communicate with you about our products, services, and promotions
  • Respond to your inquiries
  • Deliver targeted advertising, promotions, and offers
  • Develop and improve our Services, customer service, promotions, and products
  • Process payments
  • Deliver our products to you
  • Offer and carry out our loyalty program
  • Process your application

We will process your personal data on the following legal basis:

  • Performance of a contract or at your request processing prior to entering into a contract

When you register or create an account.  If you choose to use certain features on the  Services, you may need to register or create an account and provide personal data such as name, email address, location, year of birth and a user name and password that you choose. We use this personal data to identify you and provide the requested feature and Services.

When you make a purchase. When you make purchases through the online Services, we may collect personal data such as your name, email address, billing address, the email or mailing address for delivery (if applicable), phone number, and payment card information. This personal data is used to process, fulfill and deliver your order.

When you send an application to us. If you send us an application via our Services, you need to provide certain personal data about you which we will use in the application process to decide whether we want to invite you for an interview and enter into an employment contract with you.

  • Compliance with legal obligations

When you use the services in contravention of the laws or service provider regulations. As soon as we become aware of the fact that you are using the electronically provided Services against provisions of the binding laws, or the Services terms & conditions or agreement you made with the Service provider on provision of these Services, we may use your personal data in order to establish your liability for such illegal use.

  • Our legitimate interest

To respond to you. When you contact us, we may collect personal data that identifies you (such as your name, address and a phone number) along with additional information we need to help us promptly answer your question or respond to your comment.

To establish, exercise or defend against any legal claims. We may process your personal data in order to establish, exercise or defend any legal claims involving us.

  • Consent

Consent. We may otherwise use your personal data only with your consent or at your direction.

Your personal data will not be subject to automatic decision-making.

4. Personal Data Retention Time

We will keep your personal data for as long as it is needed to fulfil the purposes for which it was collected (e.g. if it was collected for the performance of a contract your personal data will be stored for the duration of the contractual relationship to fulfill the contract) and in order to comply with legal or regulatory requirements. This may mean that some personal data is held for longer than other personal data.

For instance:

  • Personal data you provided in your customer account you created / though your website subscription will be retained until you delete your customer account / unsubscribe.
  • Personal data you provided through our feedback function or by making a group booking will be retained for three months and deleted afterwards.

Exceptions to the aforesaid retention periods apply if we are required by applicable law to retain your persona data for longer or shorter.

If you have a specific query regarding a particular data retention period, please contact our Data Protection Officer, who will be happy to assist you.

5. Sharing of Personal Data

The following provides information about entities with which we may share your personal data. Our practices vary depending on the type of personal data and sharing.

Franchisees. We may share personal data with local owners of BURGER KING®, TIM HORTONS®, and POPEYES® restaurants, particularly when they will work with us in delivering Services to you. For example, local restaurants will implement delivery and take-away services that you may request through the Services. We also may provide our franchisees with personal data so that a local restaurant may provide you with offers and promotions that might interest you.

Business partners. We may also share your personal data with business partners to provide you with Services that you request. For example, if you sign up for a promotion that runs on our Services but that is sponsored or co-sponsored by another company, your personal data may be shared with that sponsor. Please be aware that these entities can have their own privacy practices establishing different rules than the ones stipulated in this Privacy Notice. Therefore, we recommend you review their privacy statements carefully.

Service providers. We may share personal data with companies providing services on our behalf, such as IT service providers, delivery services, hosting vendors, advertising service providers, data analytics companies, marketing service companies, and list managers. We also may share your personal data, including your payment information, as appropriate to process your payments for the Services or complete a transaction. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal data for their own marketing or other unrelated purposes.

Social media services. If you connect a social media account with the Services or engage with our services through a social media platform, we may share your personal data with that social media platform, and it may share personal data about you with us. We may use this personal data to personalize your experience on the Services and on the third-party social media platforms, or to provide you with offers or other products or Services you may request. The social media services’ use of the shared personal data will be governed by the social media services’ privacy statements and your social media account settings. If you do not want your personal data shared in this way, do not connect your social media service account with the Services.

Other parties when required or permitted by law, or as necessary to protect our users and services. We may use and share your personal data as we believe is necessary or appropriate to protect, enforce, or defend the legal rights, privacy, safety, or property of the Services, our employees or agents or users, to detect, suppress or prevent fraud or where otherwise required or permitted by applicable law or legal process, including responding to a search warrant or other legally valid requests from public and government authorities (which may include lawful access by governmental authorities, courts or law enforcement agencies).

Other parties in connection with a corporate transaction. We reserve the right to transfer any personal data we have about you in the event that we sell or transfer all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition, or in connection with a bankruptcy reorganization.

Otherwise with your consent or at your direction. In addition to the sharing described in this Privacy Notice, we may share personal data about you with third parties whenever you consent to or direct such sharing.

Aggregated data. We also may provide aggregated personal data, and data with personal identifiers removed, to third parties to describe how our customers are using the Services.

6. Online Advertising and Cookies

Our Cookie Policy provides information about how we and other companies that provide advertising and other services on our Services may use cookies, web beacons, and similar technologies to facilitate administration and navigation, to better understand and improve our Services, to determine and improve the advertising shown to you here or elsewhere, and to provide you with a customized online experience.

7. Privacy Access Choices and Rights Available To You

Choices with respect to cookies and similar technologies. You may block cookies and similar technologies in your browser or device settings, as and if permitted by such device.

Choices with respect to interest-based advertising. You may object to profiling performed by us or third parties affiliated to us regarding direct marketing as well as to receiving targeted advertising from participating ad networks, audience segment providers, ad serving vendors, and other service providers by visiting websites operated by the Network Advertising Initiative and Digital Advertising Alliance or by sending an e-mail to privacy@rbi.com.

Manage your account. Wherever possible you may access, modify or delete your personal details on the relevant settings or profile page, or by contacting the Data Protection Officer at BKIrelandDPO@rbi.com with such written request.

Opt out from email promotions. You may opt out of receiving commercial email, text message, and other electronic messages from us (excluding transactional messages) by following the instructions contained in those messages.

8. Your Data Subject Rights

Your right of access. You have the right to ask us for copies of your personal data stored by us. This right always applies. There are some exemptions, which means you may not always receive all the personal data we process.

Your right to rectification. You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete personal data you think is incomplete. This right always applies.

Your right to erasure. You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing. You have the right to object to the processing of your personal data by us in certain circumstances.

Your right to data portability. You have the right to ask that we transfer the personal data you gave us from one organisation to another, or give it to you. The right only applies if we are processing personal data based on your consent or under or in talks about entering into a contract and the processing is automated.

Your right to withdraw your consent. Where the processing of your personal data is based solely upon your consent, you have the right to withdraw your consent at any time. If you decide to withdraw your consent we will stop processing your personal data for that purpose. This will not impact on the legality of any processing undertaken by us prior to the withdrawal of your consent.

Your right to lodge a complaint. You can also lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes your rights under applicable data protection law. The Irish supervisory authority can be contacted at: www.dataprotection.ie.

9. Data Security

We have in place physical, electronic and organizational procedures to protect personal data in our custody and control against loss, accidental or unlawful destruction, theft and unauthorized access, use, modification and disclosure.

10. Other Important Information

Children’s privacy. We do not knowingly collect any personal data from children under the age of 16 without parental consent, unless permitted by law. If we learn that a child under the age of 16 has provided us with personal data, we will delete it in accordance with applicable law.

Links to third-party sites. Our Services may link to third-party websites and services that we do not operate and are outside of our control. We are not responsible for the security or privacy of any information collected by other websites or other services. Please exercise caution and review the privacy statements applicable to the third-party websites and services you use.

International transfers. The Services are headquartered in Switzerland. Please be aware that information you provide to us or that we obtain as a result of your use of the Services may be collected in your country and subsequently transferred to, maintained and processed in Switzerland, Ireland, or another country by us or the recipients described under section 5 of this Privacy Notice for the purposes mentioned above in accordance with applicable law. We may also transfer your personal data to third countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may provide lower standards for data protection as your country of residence, in particular to the United States of America (“USA”). While transferring your personal data to third countries we will ensure that the addressees provide appropriate safeguards, relying upon the Privacy Shield system and/or Standard Contractual Clauses. Information on the safeguards we use and the means by which you may obtain a copy of them will be available from the Data Protection Officer under BKIrelandDPO@rbi.com .

Changes to our Privacy Notice. We may modify this Privacy Notice from time to time. We will notify you of changes by posting changes here, or by other appropriate means. Any changes to the Privacy Notice will become effective when the updated Privacy Notice is posted on the Services and you were informed on the changes of our Privacy Notice.

Questions. Please contact our Data Protection Officer at BKIrelandDPO@rbi.com with any questions or concerns about this Privacy Notice or the manner in which we or our service providers treat your personal data.