EFFECTIVE DATE: AUGUST 14, 2023
LAST REVIEWED ON: AUGUST 14, 2023
THE QDOBA WEBSITE AND MOBILE APPLICATIONS ARE ONLY INTENDED FOR USERS IN THE UNITED STATES OR CANADA. IF YOU RESIDE OUTSIDE OF THE UNITED STATES OR CANADA, PLEASE DO NOT USE ANY QDOBA WEBSITE OR ANY MOBILE APPLICATION.
This policy describes the information we collect about you or that you may provide to us, including, but not limited to, when you visit our website, www.QDOBA.com (the “Website”),use the QDOBA Rewards mobile application (the “App,” and together with the Website, our “Services”) or interact with us, whether online, in person or otherwise, and our practices for collecting, using, maintaining, protecting, and disclosing that information. Your participation in any of our Services is voluntary.
This policy applies to information we collect:
- On this Website, including when making online or catering orders through our Services.
- Within the QDOBA Rewards Mobile App, including when making online orders through our Services.
- In email, text, and other electronic messages using our Services.
- Through your participation in the QDOBA Rewards program or when you interact with other of our advertising applications on third-party websites, mobile applications and/or services, if those applications or advertising include links to this policy.
- When you respond to survey that we, or our third-party service providers, perform.
- When you participate in a promotional sweepstakes or other contest that we, or our third party service providers, conduct.
- From our affiliates and subsidiaries (but not our franchisees).
- Offline or through any other means of communication or methods of interaction.
This policy does not apply to information collected by any third party (including our franchisees (but not our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from our Services. In addition, this policy does not apply to information collected from or about our employees or contractors or our affiliates’ or subsidiaries’ employees or contractors (when acting as employees or contractors). Information collected from or about such employees or contractors will be used and protected pursuant to our employee policies. If you are any employee or contractor of QDOBA or one of its affiliates or subsidiaries, please contact human resources for more information about our employee policies.
CHILDREN UNDER THE AGE OF 16
Our Services are not intended for children under 16 years of age. No one under age 16 may provide any personal information to or on our Services and we do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on our Services or on or through any of its features, make any purchases through our Services, use any of interactive or public comment features of our Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.
If you believe we might have any information from or about a child under 16, please contact us at:
- www.qdoba.com/talk-to-us, or
- QDOBA RESTAURANT CORPORATION, 350 Camino de La Reina, Suite 400, San Diego, California, 92108.
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from and about users of our Services, and products and services and those individuals that interact with us. We collect information: (i) by which you may be personally identified, such as name, birthdate, age, postal address, e-mail address telephone number, veteran status, personal preferences, credit card information, including billing address, or any other identifiers by which you may be contacted online or offline; (ii) that is about you but individually does not identify you, such as IP address or other online identifiers; and/or (iii) about your internet connection, the equipment you use to access our Website and usage details (collectively, “Personal Data”).
We collect this information:
- Directly from you when you provide it to us or a third party acting on our behalf.
- Automatically as you navigate through our Website.
- Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
Information You Provide to Us
The information we collect or receive may include:
- Information that you provide by filling in forms supplied on our Services. This includes information provided on or through our Services at the time of registering to use QDOBA Rewards, making online orders, posting material, making an inquiry concerning operating a QDOBA franchise, purchasing a physical or digital Q-Cash card or checking your balance on a Q-Cash card with our third-party partner, submitting feedback and inquiries via QDOBA.com/talk-to-us, using our location finder feature or requesting any other information or services. We may also ask you for information when you enter a contest or promotion sponsored by us, or when you report a problem with our Services.
- Your social media identification if you use social media single sign-on.
- Records and copies of your correspondence (including email addresses), if you contact us.
- Your responses to surveys that we or our service providers might ask you to complete.
- Details of transactions you carry out through our Services (including online orders and catering orders made through our Website) and of the fulfillment of your orders. You may be required to provide a credit card or other financial information before placing an order through our Services.
- Browsing history, search queries, search history, and other information on your interaction with our Services.
- Information that is about you but individually does not identify you, such as:
- Location information, including: QDOBA locations you may have visited, latitude and longitude (when location-based services are enabled) to provide targeted messaging and information on the nearest QDOBA locations, and delivery information provided during ordering.
- Your personal preferences including: dietary preferences, email and communication preferences; and other optional questions about your purchase behavior and menu preferences.
Information We Collect through Automatic Data Collection Technologies
As you navigate through and interact on our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on our Services.
- Information about your device and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or apps or other online services (behavioral tracking). Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, currently we do not take steps to respond to such signals. For more information, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION.
The information we collect automatically is generally statistical data and does not include Personal Data, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Services according to your individual interests.
- Speed up your searches.
- Monitor, assess, manage, diagnose problems with, improve and otherwise administer our Services.
- Recognize you when you return to our Services.
Automatic and Third-Party Information Collection, Analysis and Tracking
When you use our Services (or their content), we or certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
- Advertisers, ad networks and ad servers.
- Analytics companies.
- Your mobile device manufacturer.
- Your mobile service provider.
On the Website, the technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION. Web Beacons or Tracking Pixels. Pages of our Services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Services statistics (for example, recording the popularity of certain content and verifying system and server integrity).
The information automatically collected and analyzed may include:
- Usage Details. Certain details of your access to and use of the Services, including traffic data, location data, logs and other communication data and the resources that you access and use on or through the Services.
- Device Information. Information about your mobile device, computer, and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information and the device’s telephone number.
- Stored Information and Files. Metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts, and address book information.
- Location Information. Real-time information about the location of your device. Location information is analyzed and used to provide you with local restaurant menus and locations, to send targeted promotional offers, and for research purposes as described more below.
We may tie this information to Personal Data about you that we collect from other sources or that you provide to us.
There are additional disclosures for California, Colorado, Virginia, Connecticut, and Utah residents in the SPECIAL U.S. PRIVACY INFORMATION SECTION below.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION.
There are additional disclosures for California, Colorado, Virginia, Connecticut, and Utah residents in the SPECIAL U.S. PRIVACY INFORMATION SECTION below.
HOW WE USE AND DISCLOSE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any Personal Data:
- To present our Services and their contents to you.
- To provide you with information, products, or services that you request from us.
- To market or advertise our products, services, promotions, contests and other activities;
- To provide you with notices about your QDOBA Rewards, and/or Catering accounts, including expiration notices.
- To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection.
- To extent required under law, to notify you about changes to our Services or any products or services we offer or provide though it.
- To allow you to participate in interactive features on our Services such as checking Q-Cash card balance, managing QDOBA Rewards program and submitting online orders.
- To estimate our audience size and usage patterns.
- To store information about your preferences, allowing us to customize our Services according to your individual interests.
- To speed up your searches.
- To monitor, assess, manage, diagnose problems with, improve and otherwise administer our Services.
- To recognize you when you return to our Services.
- To provide, support, personalize, and develop our Website, App, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your App and Website experiences and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our App, Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our App, Website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including developing and improving our App, Website, products, and services.
- To notify you about changes to our Services or any products or services we offer or provide though it.
- To respond to law enforcement requests and/or as required by applicable law, court or governmental order, or other governmental regulation.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all QDOBA’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by QDOBA about our users is among the assets transferred.
- To fulfill any other purpose for which you provide it.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may also use your information to contact you about our own and third-party goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data or adjust your user preferences in your account profile. For more information, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION.
We may use the Personal Data we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Data for these purposes without your notice, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
There are additional disclosures for California, Colorado, Virginia, Connecticut, and Utah residents in the SPECIAL U.S. PRIVACY INFORMATION SECTION below.
DISCLOSURE OF YOUR INFORMATION
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
WE DO NOT SELL THE PERSONAL DATA WE COLLECT OR USE.
We may disclose Personal Data that we collect, or you provide as described in this policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them (all of which are described herein).
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all QDOBA’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by QDOBA about our Services’ users is among the assets transferred.
- To governmental entities or other authorities as necessary to respond to law enforcement requests and/or as required by applicable law, court or governmental order, or other governmental regulation.
- To third parties to provide you with customized content, targeted offers, and advertising via email or push notification, or across our website, other websites, mobile applications, social media or online services. We contractually require these third parties to keep Personal Data confidential and use it only for the purposes for which we disclose it to them.
- To third parties to market their products or services to you if you have not opted out of these disclosures. We contractually require these third parties to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. For more information, see CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION.
- To fulfill the purpose for which you provide it. For example, if you give us an email address to send an e-gift card to a friend, we will transmit the contents of that email and your email address to the recipient.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your Personal Data:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of QDOBA, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
We strive to provide you with choices regarding the Personal Data you provide us with. We have created mechanisms to provide you with the following control over your information:
- Promotional Offers from Us. If you do not wish to have your email address or contact information used by us to promote our products or services, you can opt-out of receiving promotional emails at the time of providing data or at any other time by logging into the Services and adjusting your user email preferences in your Account Profile. Please note that this opt-out does not apply to emails sent by us as a result of a product purchase, QDOBA Rewards account-related information, or other similar transactions. If we have sent you a promotional email, you may click on the “unsubscribe” link in the email footer to be omitted from all future email distributions. When you use the App, you may receive push notifications. If you prefer not to receive push notifications, you may adjust your settings on your mobile device to control whether you want to receive these alerts.
Our services do not honor “do not track” requests. However, you can find information on how to opt out of many websites and applications participating ad networks at the following sites:
Please note that opting out does not prevent you from seeing our online advertisements.
ACCESSING AND CORRECTING YOUR INFORMATION
You can review and change your Personal Data by logging into your QDOBA Rewards account on the
Services and visiting your Account Profile, or by logging into the App and adjusting your preferences on the Settings Screen. You may also send us a request via [email protected] to request access to, correct or delete any Personal Data that you have provided to us. We can only delete credit card information in accordance with our standard retention policy. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
SPECIAL U.S. PRIVACY INFORMATION
If you are a California, Colorado, Virginia, Connecticut or Utah resident, state law may provide you with additional rights regarding our use of your Personal Data.
Some of the Personal Data we collect information constitutes “personal information” under the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”) or “personal data” under the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“ColoPA”), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), Utah Consumer Privacy Act (“UCPA”), or other similar state laws.
In particular, within the last twelve (12) months, we collected (whether directly, indirectly (e.g., by observing your actions on the Website) or from third parties) the categories of Personal Data, which constitute “personal information” or “sensitive personal information” under the CCPA and CPRA or “personal data” or “sensitive data” under the VCDPA, ColoPA, CTDPA, UCPA or other similar state laws, listed in the table below. Any such “sensitive personal information” or “sensitive data” is referred to as “Sensitive Data” herein. Any such collection has been for of the purposes included in the appropriate section of the HOW WE USE YOUR INFORMATION section above.
For the purposes of this Section, Personal Data does not include publicly available information from government records, lawfully obtained, truthful information that is a matter of public concern, deidentified or aggregated consumer information or information specifically excluded from the scope of applicable data protection laws, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data or other biomedical research study or personal information covered by certain sectorspecific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), the Federal Farm Credit Act of 1971, and the Driver’s Privacy Protection Act of 1994.
We have not sold any Personal Data or Sensitive Data of consumers in the last twelve (12) months. As used herein, “sell” or “sold” is used as defined in applicable law, such as the CPRA, VCDPA, ColoPA, CTDPA, and UCPA.
QDOBA obtains the categories of Personal Data listed above from the following categories of sources:
Directly from you when you provide it to us or a third party acting on our behalf.
Automatically as you navigate through our Website.
Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
We may disclose your Personal Data or Sensitive Data to a third party for business purposes. When we disclose Personal Data or Sensitive Data for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Data and Sensitive Data confidential and not use it for any purpose except performing the contract. We disclosed this Personal Data or Sensitive Data, as applicable, for a business purpose to the following categories of third parties:
email service providers,
consumer relations, including consumer complaint response services,
employee recruitment, career portal and job applicant services,
legal representation, including with regard to prevention harm to our company, its subsidiaries, our products or services or a person or property (e.g., fraud prevention); and
shareholder record-keeping, notice, transfer agent and other investor relation services.
We may “share” your Personal Data with third parties, but we will not “share” your Sensitive Data with third parties. As used herein, “share” refers to sharing for purposes of cross-context behavioral advertising or targeted advertising, as contemplated under applicable law, such as the CPRA, VCDPA, ColoPA, CTDPA, and UCPA. Applicable law prohibits third parties who purchase or receive the Personal Data from reselling or resharing it unless you have received explicit notice and an opportunity to opt-out of further sales or sharing.
We share your Personal Data with the following categories of third parties for cross-context behavioral advertising:
Social media companies.
Internet cookie information recipients, like Google.
As applicable, certain state privacy laws, such as the CCPA, CPRA, ColoPA, VCDPA, CTDPA, and UCPA provide their residents, respectively, with specific rights regarding their Personal Data.
Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data and Sensitive Data.
Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction, and Deletion Rights below for more information), we will disclose to you, as applicable:
The categories of Personal Data and Sensitive Data we collected about you.
The categories of sources for Personal Data and Sensitive Data we collected about you.
Our business or commercial purpose for collecting or sharing that Personal Data or Sensitive Data, as applicable.
The categories of third parties with whom we disclose Personal Data and Sensitive Data.
The specific pieces of Personal Data and Sensitive Data we collected about you (also called a data portability request).
If we disclosed your Personal Data or Sensitive Data for a business purpose, a list disclosing the Personal Data or Sensitive Data categories that we disclosed for a business purpose and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Data or Sensitive Data, as applicable.
Correct Specific Information. You may have the right to request that we correct inaccurate Personal Data about you. Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction, and Deletion Rights below for more information), we will use commercially reasonable efforts to correct the information to comply with your request. This right is not afforded to residents of Utah.
Deletion Request Rights. You have the right to request that we delete any of your Personal Data or Sensitive Data that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request (please see Subsection Exercising Access, Data Portability, Correction, and Deletion Rights below for more information), we will delete (and direct our service providers to delete) your Personal Data or Sensitive Data, as applicable, from our records, unless an exception applies. In responding to your request, we will inform you whether or not we have complied with the request, and, if we have not complied, provide you with an explanation as to why.
We may deny your deletion request if retaining the information is necessary for us, or our service provider(s), to:
Complete the transaction for which we collected the Personal Data or Sensitive Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Help to ensure security and integrity to the extent the use of your Personal Data or Sensitive Data is reasonably necessary and proportionate for those purposes.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his/her free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Right to Limit Use and Disclosure of Sensitive Data. You may have the right, at any time, to direct us to limit our use and disclosure of your Sensitive Data to use which is necessary for certain purposes enumerated in applicable law (“Enumerated Purposes”). To the extent we use or disclose your Sensitive Data for purposes other than the Enumerated Purposes, you have the right to limit such use or disclosure. However, if our use and disclosure of your Sensitive Data is limited to the Enumerated Purposes, you do not have such right. To the extent applicable, you may also have the right to withdraw the consent you provided for our use and disclosure of your Sensitive Data.
The Enumerated Purposes include the following:
To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted Personal Data, including Sensitive Data.
To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
To ensure the physical safety of natural persons.
For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with us, provided that we will not disclose the Sensitive Personal Data, to another third party and will not use it to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with us.
To perform services on behalf of us, such as maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business.
To verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
For purposes that do not infer characteristics about you.
Currently, we do not use Sensitive Data for purposes other than the Enumerated Purposes above.
Personal Data Sharing Opt-Out and Opt-In Rights.
Pursuant to applicable law, you have the right to direct us to not share your Personal Data at any time (the “right to opt-out”). As used herein, “share” refers to sharing for purposes of cross-context behavioral advertising or targeted advertising, as contemplated under applicable law, such as the CPRA, VCDPA, ColoPA, CTDPA, and UCPA.
We do not have actual knowledge that we sell or share the Personal Data of consumers under 16 years of age. We do and will not sell or share the Personal Data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Data sharing may opt-out of future sharing at any time.
To exercise the right to opt-out, you (or your authorized agent) may submit a request to us by visiting the following Internet Web page link: Do Not Share My Personal Data
You may also exercise the right to opt-out using an opt-out preference signal in a format commonly used and recognized by businesses, such as through an HTTP header field. When we receive an opt-out preference signal, we will treat it as a valid request to opt-out of the sale or sharing for that browser or device sending the signal, and, if known, for the consumer.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sharing. However, you may change your mind and opt back into Personal Data sharing at any time by logging into your account or visiting the following Internet Web link: QDOBAConsumer Requests
You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.
Exercising Access, Data Portability, Correction and Deletion Rights.
To exercise the access, data portability, correction, and deletion rights described above, please submit a consumer request to us through one of the following:
Toll-Free Phone: 866-500-0094
Email: [email protected]
QDOBA RESTAURANT CORPORATION
Attention: Privacy Request
350 Camino de La Reina, Suite 400
San Diego, California 92108
Your Account: Click “Profile”, then click “Permanently Delete My Account”.
Online: QDOBA Consumer Requests
If you use one of the request methods above, we will request certain information for verification purposes, such as your name, address, and e-mail address. We will use this information to verify this is a permitted request, such as by matching your name and address with information in our records. Depending on the type of request, we may require a certain number of data points to allow for verification.
Only you, or a person properly authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child.
An authorized agent may make a request on your behalf using the request methods designated above. Additionally, if you use an authorized agent to submit a consumer request, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your own identity directly with us or directly confirm with us that you provided the authorized agent permission to submit the request.
To the extent permissible under applicable law, you may only make a consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify whether you are the person about whom we collected Personal Data or an authorized agent of such person.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.
We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
If we deny your request, you may have the right to appeal against our decision. Further, if you appeal and your appeal is denied, you may have the right to complain to your state’s attorney general. You may appeal your decision by contacting us at [email protected].
For instructions on exercising sale or sharing opt-out rights, see Personal Data Sharing Opt-Out and Opt-In Rights.
Response Timing and Format. In accordance with applicable law, we endeavor to respond to consumer requests within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we may deliver our written response by mail or electronically, at your option.
The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination. We will not discriminate against you for exercising any of your rights. Unless permitted by applicable laws, in connection with you exercising your rights, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by applicable laws that can result in different prices, rates, or quality levels. Any legally permitted financial incentive we offer will reasonably relate to your Personal Data’s value to us and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Other California Privacy Rights. California Civil Code Section § 1798.83 permits California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make these requests, please send an email to [email protected] or by mail to Privacy Request, 350 Camino de La Reina San Diego, California, 92108.
Notwithstanding anything herein to the contrary, if you are a resident of Canada, the following provisions shall apply (and trump all conflicting provisions in this policy):
We will not send you any online newsletter or email marketing communication unless you express consent to receive such newsletters or communications from us.
Prior to receiving any such newsletter or email marketing communications, you will be given the opportunity to consent to receive such communications from us. If you opt-in to receive such communications, we may use the information to communicate with you regarding our products, services, and promotions, to provide you with other information that you request, and/or to improve our product and service offerings.
You will always have the opportunity to “unsubscribe” from receiving the e-mail or other communication at any time. You can unsubscribe by clicking on the “unsubscribe” link found at the bottom of any of our emails, or by contacting us at:
QDOBA RESTAURANT CORPORATION Attention: Guest Relations 350 Camino de La Reina, Suite 400 San Diego, California 92108
You can also “unsubscribe” from promotional emails through changing your personal preferences by logging into your QDOBA Rewards account on the Website or QDOBA mobile application and visiting your Profile.
Please be aware that we are headquartered in, and many of our third-party service providers are be located within, the United States, and as a result your information will be transferred to the United States.
We do not directly advertise to any children under the age of 16, including, without limitation, any children under the age of 16 living in Quebec.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. Any payment transactions will be encrypted.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted via our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Services.
INFORMATION RECEIVED FROM THIRD PARTIES
If you choose to connect your account on our Services to your account on another Service, we may receive information from the other service, such as a third-party delivery platform. You may also choose to grant us access to your data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about any third party’s policies or procedures, you should contact the responsible provider directly.
We may amend this policy at any time. If we make any material changes in the way we collect, use, and/or share your personal data or to this policy, we will notify you by prominently posting notice of the changes on the websites and apps covered by this policy and as otherwise required by law (if any). The date this policy was last revised is identified at the top of the page. We encourage you to review this page periodically for the latest information on our policy.