Privacy Policy

1. Introduction

Church's Chicken ("we," "us," or "our") is committed to protecting the privacy and security of our customers' personal information. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our website, mobile applications, food delivery services, and related services (collectively, our "Services").

This policy applies to all information collected through our Services, including when you visit our restaurants, place orders online or through our mobile app, participate in our loyalty program, or interact with our customer service team. By using our Services, you agree to the collection and use of information in accordance with this policy.

Important: We never sell your personal data to third parties. Your trust is paramount to us, and we are committed to maintaining the highest standards of data protection and privacy.

2. Information We Collect

We collect several types of information to provide and improve our food services, enhance your dining experience, and ensure efficient order processing and delivery.

2.1 Information You Provide to Us

• Personal Identification Information: Name, email address, phone number, date of birth, and billing/delivery addresses
• Account Information: Username, password, order history, and account preferences
• Payment Information: Credit card details, billing information (securely encrypted and stored through PCI-compliant payment processors)
• Order and Dietary Information: Food preferences, allergen information, special dietary requirements (vegan, halal, kosher, gluten-free), favorite orders, and customization preferences
• Loyalty Program Data: Points balance, rewards history, membership tier, and participation in promotional offers
• Communication Records: Contact form submissions, customer service interactions, feedback, reviews, and survey responses
• Catering Information: Event details, guest count, delivery instructions, and special requests for catering orders
• Reservation Data: Table booking preferences, party size, special occasions, and seating requests
• Marketing Preferences: Email subscription choices, notification preferences, and promotional communication settings

2.2 Information We Collect Automatically

• Device Information: IP address, browser type and version, operating system, mobile device identifiers, and device settings
• Usage Data: Pages visited, time spent on our website/app, click patterns, search queries, order frequency, and feature usage
• Location Information: Approximate location derived from IP address, GPS coordinates (with permission) for delivery services, and restaurant location preferences
• Cookie and Tracking Data: Session IDs, user preferences, authentication tokens, analytics data, and website interaction patterns
• Transaction Data: Order details, payment methods used, transaction amounts, delivery times, and order completion status

2.3 Information from Third Parties

• Social Media Integration: Profile information from connected social media accounts (Facebook, Google, Apple) if you choose to sign in through these platforms
• Payment Processors: Transaction verification and fraud prevention data from payment service providers
• Delivery Partners: Delivery status updates, driver location, and delivery confirmation from third-party delivery services
• Marketing Partners: Demographic information and marketing effectiveness data from advertising platforms and analytics providers
• Review Platforms: Public reviews and ratings you post on third-party review websites about our services

3. How We Use Your Information

We use the collected information for various legitimate business purposes to provide excellent food service, enhance customer experience, and maintain operational efficiency.

3.1 Service Provision and Order Management

• Order Processing: Taking, preparing, and fulfilling food orders, including customizations and special dietary requirements
• Delivery Coordination: Arranging delivery services, providing real-time order tracking, and ensuring timely delivery to your specified address
• Account Management: Creating and maintaining user accounts, authentication, password resets, and profile management
• Payment Processing: Securely processing payments, handling refunds, managing loyalty program points, and maintaining transaction records
• Customer Support: Responding to inquiries, resolving order issues, handling complaints, and providing assistance with our services
• Quality Improvement: Analyzing order patterns, customer feedback, and service metrics to enhance food quality and service efficiency

3.2 Communication and Customer Service

• Order Communications: Sending order confirmations, preparation updates, delivery notifications, and completion confirmations
• Service Notifications: Alerting you about menu changes, restaurant hours, delivery area updates, and service disruptions
• Customer Support: Responding to customer service requests, feedback, complaints, and providing assistance with orders or account issues
• Important Updates: Communicating policy changes, terms of service updates, security notifications, and other important service-related information
• Marketing Communications: Sending promotional emails, special offers, loyalty program updates, and new menu item announcements (only with your explicit consent)

3.3 Marketing, Analytics, and Personalization

• Personalized Recommendations: Suggesting menu items based on your order history, dietary preferences, and favorite cuisines
• Targeted Advertising: Delivering relevant advertisements on our platforms and third-party websites based on your interests and preferences
• Marketing Analytics: Measuring the effectiveness of marketing campaigns, analyzing customer acquisition costs, and optimizing promotional strategies
• Loyalty Programs: Managing rewards programs, calculating points and benefits, and providing personalized offers to loyal customers
• Market Research: Conducting surveys, analyzing customer satisfaction, and gathering feedback for new product development
• Website Analytics: Understanding user behavior, optimizing website performance, and improving user interface design

3.4 Legal Compliance and Security

• Legal Obligations: Complying with applicable laws, regulations, and industry standards related to food service and data protection
• Fraud Prevention: Detecting and preventing fraudulent transactions, unauthorized access, and suspicious account activity
• Security Monitoring: Protecting our systems, networks, and customer data from security threats and cyberattacks
• Dispute Resolution: Resolving legal disputes, handling complaints, and providing information for legal proceedings when required
• Regulatory Compliance: Meeting food safety regulations, health department requirements, and financial reporting obligations

4. Information Sharing and Disclosure

We do not sell your personal information to third parties. However, we may share your information in certain circumstances to provide our services and meet legal obligations.

4.1 Service Providers and Business Partners

• Payment Processors: Secure payment handling companies (Stripe, PayPal, Square) for transaction processing and fraud prevention
• Delivery Services: Third-party delivery companies (DoorDash, Uber Eats, Grubhub) for order fulfillment and delivery coordination
• Cloud Storage Providers: Secure data hosting services (AWS, Google Cloud, Microsoft Azure) for data storage and backup
• Email Marketing Services: Email service providers (Mailchimp, Constant Contact) for sending newsletters and promotional communications
• Analytics Providers: Analytics companies (Google Analytics, Adobe Analytics) for website performance analysis and user behavior insights
• Customer Support Tools: Help desk software providers for managing customer inquiries and support tickets
• Marketing Platforms: Advertising networks and social media platforms for targeted marketing campaigns

4.2 Legal Requirements and Protection

• Legal Process: Responding to court orders, subpoenas, search warrants, and other valid legal requests from law enforcement agencies
• Regulatory Compliance: Providing information to government agencies and regulatory bodies as required by applicable laws and regulations
• Rights Protection: Defending our legal rights, intellectual property, and business interests in legal proceedings
• Safety and Security: Protecting the safety of our customers, employees, and the public from harm or illegal activities
• Emergency Situations: Sharing information in emergency situations to protect life, health, or property

4.3 Business Transfers and Corporate Changes

• Mergers and Acquisitions: Transferring customer data in connection with business mergers, acquisitions, or asset sales
• Corporate Restructuring: Sharing information during corporate reorganization, bankruptcy proceedings, or business restructuring
• Asset Sales: Including customer databases in the sale of business assets or intellectual property
• Customer Notification: We will notify customers before any transfer and ensure the new owner complies with this privacy policy
• Continued Protection: Ensuring that transferred data remains subject to privacy protections equivalent to this policy

4.4 Consent-Based Sharing

• Explicit Consent: Sharing information for purposes not covered by this policy only with your explicit, informed consent
• Social Media Integration: Sharing information with social media platforms when you choose to connect your accounts or share content
• Third-Party Integrations: Connecting with third-party applications or services that you explicitly authorize
• Research Participation: Including your data in research studies or surveys only with your voluntary participation

5. Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

5.1 Technical Security Measures

• Encryption: All data transmission is protected using industry-standard SSL/TLS encryption (256-bit encryption) to secure data in transit
• Data Storage Security: Personal information is stored in encrypted databases with advanced access controls and authentication requirements
• Firewall Protection: Advanced firewall systems and intrusion detection systems protect our networks from unauthorized access and cyber threats
• Access Controls: Multi-factor authentication and role-based access controls ensure only authorized personnel can access customer data
• Network Security: Secure network architecture with isolated systems and regular security monitoring to detect and prevent threats
• Regular Backups: Automated and secure data backups to prevent data loss and ensure business continuity
• Security Updates: Regular software updates, security patches, and system maintenance to address vulnerabilities

5.2 Organizational Security Measures

• Employee Training: Comprehensive security awareness training for all employees handling customer data, including privacy regulations and best practices
• Access Policies: Strict data access policies ensuring employees can only access information necessary for their specific job functions
• Confidentiality Agreements: All employees, contractors, and third-party service providers sign confidentiality and data protection agreements
• Incident Response: Detailed security incident response procedures to quickly identify, contain, and resolve any potential data breaches
• Regular Audits: Internal and external security audits to assess the effectiveness of our security measures and identify areas for improvement
• Compliance Monitoring: Ongoing monitoring of compliance with privacy regulations, industry standards, and internal security policies

5.3 Your Security Responsibilities

• Strong Passwords: Use strong, unique passwords for your account and avoid using the same password across multiple services
• Password Protection: Never share your account credentials with others and log out of your account when using public or shared computers
• Device Security: Keep your mobile devices and computers secure with updated antivirus software and operating system updates
• Phishing Awareness: Be cautious of suspicious emails, text messages, or phone calls requesting personal information or account credentials
• Account Monitoring: Regularly review your account activity and order history for any unauthorized transactions or changes
• Immediate Reporting: Report any suspected unauthorized access to your account or suspicious activity to our customer support team immediately

5.4 Security Breach Notification

In the unlikely event of a data security breach that affects your personal information, we will:

• Promptly investigate and assess the scope and impact of the breach
• Take immediate steps to contain the breach and prevent further unauthorized access
• Notify affected customers within 72 hours of discovering the breach, as required by applicable laws
• Provide clear information about what information was involved and what steps we are taking to address the breach
• Offer appropriate assistance, such as credit monitoring services if financial information was compromised
• Notify relevant regulatory authorities and law enforcement agencies as required by law
• Conduct a thorough post-incident review to strengthen our security measures and prevent similar incidents

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and mobile applications, analyze usage patterns, and provide personalized services.

Tracking Technologies We Use:

• Google Analytics: Website traffic analysis, user behavior tracking, and performance measurement to improve our online services
• Facebook Pixel: Advertising campaign measurement, custom audience creation, and conversion tracking for Facebook and Instagram ads
• Web Beacons: Email open rate tracking, newsletter engagement measurement, and communication effectiveness analysis
• Local Storage: Storing user preferences, shopping cart contents, and application data directly in your browser for improved performance
• Session Replay Tools: Recording anonymized user sessions to understand user experience and identify usability issues
• Heatmap Technology: Analyzing user interaction patterns, click behavior, and website navigation to optimize user interface design

Cookie Management:

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View, accept, or reject cookies before they are stored
• Delete cookies that have already been stored
• Block cookies from specific websites
• Block third-party cookies
• Delete all cookies when closing the browser

Important Note: Disabling certain cookies may affect website functionality, prevent you from accessing certain features, or impact the quality of your user experience. Essential cookies cannot be disabled as they are necessary for basic website functionality.

7. Your Rights and Choices

Under various privacy laws including GDPR (European Union), CCPA (California), and other applicable regulations, you have specific rights regarding your personal information.

7.1 Right of Access

You have the right to know what personal information we have collected about you, including:

• Categories of personal information collected
• Specific pieces of personal information we have about you
• Sources from which the information was collected
• Business purposes for collecting the information
• Categories of third parties with whom we share the information

7.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information, including:

• Updating your contact information and delivery addresses
• Correcting dietary preferences and allergen information
• Modifying account settings and communication preferences
• Updating payment information and billing addresses

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal information when:

• The information is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The information has been unlawfully processed
• Deletion is required for compliance with legal obligations

7.4 Right to Restrict Processing

You can request that we limit how we use your personal information when:

• You contest the accuracy of the information
• Processing is unlawful but you don't want deletion
• We no longer need the information but you need it for legal claims
• You have objected to processing pending verification of our legitimate interests

7.5 Right to Data Portability

You can request to receive your personal information in a structured, commonly used, and machine-readable format, including:

• Account information and profile data
• Order history and transaction records
• Loyalty program data and rewards information
• Communication preferences and settings

7.6 Right to Object

You have the right to object to certain types of processing, particularly:

• Direct marketing communications and promotional emails
• Processing based on legitimate interests
• Automated decision-making and profiling
• Use of information for analytics and research purposes

7.7 Right Against Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or significantly affects you. This includes:

• Automated approval or denial of services
• Pricing decisions based on profiling
• Automated fraud detection that affects service access

How to Exercise Your Rights

To exercise any of these rights, you can:

• Contact our customer support team at [email protected]
• Call us at +1 346-571-7931 during business hours
• Submit a request through your account settings on our website or mobile app
• Send a written request to our physical address

Response Time: We will respond to your request within 30 days of receipt. If we need additional time, we will notify you of the extension and the reason for the delay.

Verification: To protect your privacy, we may need to verify your identity before processing certain requests. We will request only the information necessary for verification purposes.

8. Children's Privacy

Church's Chicken is committed to protecting the privacy of children and complying with the Children's Online Privacy Protection Act (COPPA) and other applicable child privacy laws.

Age Restrictions

Our Services are not intended for, directed to, or designed to attract children under the age of 16. We do not knowingly collect personal information from children under 16 years of age without verifiable parental consent.

Parental Rights and Responsibilities

If you are a parent or guardian and believe that your child under 16 has provided us with personal information, please contact us immediately at [email protected]. We will take the following actions:

• Investigate the collection of information
• Verify the child's age and parental relationship
• Provide notice of the collection to the parent or guardian
• Obtain verifiable parental consent if required
• Delete the child's information if consent is not obtained

Information We May Collect from Children (with Parental Consent)

If we receive verifiable parental consent, we may collect limited information from children only for the following purposes:

• Processing food orders placed by parents or guardians
• Accommodating special dietary requirements or food allergies
• Providing customer support for family orders
• Ensuring food safety and allergen management

Parental Controls

Parents and guardians have the right to:

• Review any personal information collected from their child
• Request deletion of their child's personal information
• Refuse to permit further collection or use of their child's information
• Receive notification before any material changes to our child privacy practices

Prompt Deletion: Upon discovering that we have collected personal information from a child under 16 without verifiable parental consent, we will promptly delete such information from our systems.

9. International Data Transfers

As a business operating globally, we may transfer your personal information to countries outside of your home country, including countries that may not have the same level of data protection laws.

9.1 Protection Measures for International Transfers

• Adequacy Decisions: We rely on adequacy decisions by the European Commission, including EU-Japan adequacy decisions and other approved transfer mechanisms
• Standard Contractual Clauses (SCC): We use EU-approved Standard Contractual Clauses to ensure appropriate safeguards for data transfers to countries without adequacy decisions
• Data Processing Agreements: All third-party service providers sign comprehensive data processing agreements that include privacy and security requirements
• Binding Corporate Rules: For transfers within our corporate group, we maintain binding corporate rules that ensure consistent privacy protection
• Certification Programs: We work with service providers who participate in recognized certification programs for data protection
• Regular Compliance Audits: We conduct regular audits to ensure ongoing compliance with international data transfer requirements

9.2 Common Transfer Destinations and Purposes

• United States: Cloud storage services, payment processing, customer support systems, and marketing analytics
• European Union: Data analytics, customer relationship management, and email marketing services
• Canada: Customer support operations, data backup services, and technical infrastructure
• Australia: Regional customer service, local marketing campaigns, and franchise support operations
• Other Countries: As needed for delivery services, payment processing, and technical support, always with appropriate protection measures in place

9.3 Your Rights Regarding International Transfers

You have the right to:

• Receive information about the countries where your data is processed
• Obtain copies of the safeguards we have in place for international transfers
• Object to international transfers in certain circumstances
• Request that your data be processed only in specific countries or regions

10. Data Retention Periods

We retain your personal information only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

Safe Data Disposal Practices

When personal information reaches the end of its retention period, we ensure secure disposal through:

• Electronic Deletion: Complete and unrecoverable deletion of digital data using secure deletion methods that meet industry standards
• Physical Record Destruction: Secure shredding and destruction of any physical documents containing personal information
• Backup Data Removal: Systematic deletion of personal information from all backup systems and archives
• Third-Party Disposal: Ensuring that service providers also securely delete personal information in accordance with our agreements
• Disposal Documentation: Maintaining records of data disposal activities for audit and compliance purposes
• Hardware Destruction: Secure destruction or wiping of storage devices and hardware before disposal or recycling

Exceptions to Retention Periods

We may retain information longer than specified periods when:

• Required by law, regulation, or legal process
• Needed for ongoing legal disputes or investigations
• Necessary to protect our rights, property, or safety
• Required for regulatory audits or examinations
• Needed to prevent fraud or abuse of our services

11. Third-Party Links and Services

Our website and mobile applications may contain links to external websites, social media platforms, and third-party services that are not operated or controlled by Church's Chicken.

Our Responsibility for Third-Party Content

We are not responsible for the privacy practices, content, or security of third-party websites and services. When you click on external links or interact with third-party content, you are subject to the privacy policies and terms of service of those third parties.

Third-Party Services We May Link To

• Social Media Platforms: Facebook, Instagram, Twitter, YouTube, and other social networking sites
• Review Websites: Yelp, Google Reviews, TripAdvisor, and other review platforms
• Delivery Partners: Third-party delivery service websites and mobile applications
• Payment Providers: External payment processing websites and digital wallet services
• Maps and Location Services: Google Maps, Apple Maps, and other mapping services
• News and Media: News articles, blog posts, and media coverage featuring our restaurant

Your Responsibilities When Using Third-Party Services

• Carefully read the privacy policies and terms of service of any third-party website before providing personal information
• Be aware that third parties may collect, use, and share your information according to their own policies
• Adjust your privacy settings on social media platforms and other services to your comfort level
• Report any suspicious activity or privacy concerns directly to the third-party service provider
• Understand that we cannot control how third parties handle your personal information

Social Media Integration

If you choose to connect your social media accounts with our services or share content from our website on social media platforms, please be aware that:

• Information you share may be visible to your social media contacts and the public
• Social media platforms may collect information about your interaction with our content
• We may receive limited information from social media platforms when you interact with our content
• You can control social media sharing through your account settings and privacy preferences

12. Privacy Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or business operations.

12.1 How We Notify You of Changes

• Website Notice: We will post a prominent notice on our website homepage announcing any significant changes to this policy
• Email Notification: For material changes, we will send email notifications to all registered users at their primary email address
• In-App Notifications: Users of our mobile application will receive push notifications about important policy updates
• Account Login Notice: Pop-up notifications will appear when you log into your account after significant policy changes
• Social Media Updates: We may announce major policy changes on our official social media channels

12.2 Types of Changes and Required Consent

• Minor Changes: Technical updates, clarifications, and administrative changes that do not affect how we handle your personal information
• Material Changes: Significant modifications to data collection, use, sharing, or retention practices that require explicit user consent
• Legal Compliance Updates: Changes required by new laws, regulations, or court decisions
• Service Enhancement Changes: Updates related to new features, services, or business models

12.3 Your Options When We Update This Policy

• Review Changes: Carefully read the updated policy to understand what has changed
• Contact Us: Ask questions or request clarification about any changes you don't understand
• Accept Changes: Continued use of our services after the effective date constitutes acceptance of the new policy
• Opt Out: If you disagree with material changes, you can stop using our services and request account deletion
• Update Preferences: Adjust your privacy settings and communication preferences as needed

12.4 Checking for Updates

• The most current version of this Privacy Policy is always available on our website
• Check the "Last Updated" date at the top of this policy to see when it was most recently modified
• Subscribe to our newsletter to receive notifications about policy updates
• Bookmark this page to easily check for changes periodically

13.1 Privacy Complaints and Dispute Resolution

If you have concerns about our privacy practices, we encourage you to contact us directly first so we can work to resolve any issues. If you are not satisfied with our response, you may contact:

• United States: Federal Trade Commission (FTC) - consumer.ftc.gov
• European Union: Your local Data Protection Authority
• Canada: Office of the Privacy Commissioner of Canada - priv.gc.ca
• California Residents: California Attorney General's Office - oag.ca.gov

13.2 Specialized Contact Information

• Data Protection Officer: Available at [email protected] for EU/UK residents
• Privacy Rights Requests: Submit requests through our website contact form or email
• Security Incidents: Report security concerns immediately to [email protected]
• Marketing Opt-Out: Use the unsubscribe link in emails or contact customer service

14. Withdrawal of Consent

You have the right to withdraw your consent for certain types of data processing at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

14.1 Marketing Consent Withdrawal

You can withdraw consent for marketing communications through several methods:

• Email Unsubscribe: Click the "unsubscribe" link at the bottom of any marketing email
• Account Settings: Log into your account and update your communication preferences
• Customer Support: Contact our customer service team to opt out of marketing communications
• Phone Request: Call us at +1 346-571-7931 to request removal from marketing lists
• Written Request: Send a written request to our mailing address

14.2 Account Deletion Process

If you wish to delete your account and withdraw all consent:

1. Log into your account on our website or mobile app
2. Go to Account Settings > Privacy Settings
3. Select "Delete My Account" and follow the prompts
4. Confirm your identity through email or phone verification
5. Review what data will be deleted and what may be retained for legal compliance
6. Confirm your deletion request
7. Receive confirmation email within 48 hours

14.3 Data Retained After Account Deletion

Even after account deletion, we may retain certain information as required by law:

• Transaction records for tax and accounting purposes (7 years)
• Fraud prevention data for security purposes (3 years)
• Legal dispute records until resolution
• Anonymized analytics data that cannot identify you

14.4 Consequences of Withdrawal

Withdrawing consent may affect your ability to:

• Receive personalized offers and recommendations
• Get important service updates and notifications
• Access certain features of our website and mobile app
• Participate in loyalty programs and rewards
• Receive customer support for past orders

15. Conclusion

At Church's Chicken, protecting your privacy is not just a legal obligation—it's a fundamental part of our commitment to providing exceptional service and building lasting relationships with our customers. We understand that trust is earned through consistent actions, and we are dedicated to maintaining the highest standards of data protection and privacy.

Your personal information is valuable, and we treat it with the care and respect it deserves. We will continue to invest in advanced security technologies, comprehensive employee training, and robust privacy practices to ensure that your data remains safe and secure while enabling us to provide you with the best possible food service experience.

We recognize that privacy is an ongoing responsibility, not a one-time achievement. As technology evolves and privacy expectations change, we will adapt our practices to meet and exceed industry standards. We encourage you to stay informed about your privacy rights and to reach out to us with any questions, concerns, or suggestions you may have.

Thank you for choosing Church's Chicken and for trusting us with your personal information. We are committed to earning and maintaining that trust every day through our actions, transparency, and dedication to your privacy.

If you have any questions about this Privacy Policy or our privacy practices, please don't hesitate to contact us. We value your feedback and are always looking for ways to improve our privacy program.

Remember: This Privacy Policy was last updated on January 15, 2025. Please check this page periodically for updates and changes.