This Privacy Notice describes the information that TH UK & IRELAND Limited (Company number 10303138) (THUKI) collects and how it is used and shared.
This policy applies to any information that you provide or that is collected about you by THUKI when you visit Tim Hortons® restaurants in the United Kingdom, use the timhortons.co.uk website, or use any website, mobile or tablet application, digital in-restaurant kiosk, or other online service or platform provided by THUKI or any other THUKI company that links or refers to it (collectively, the "Services").
The Services are independently owned and operated by THUKI. THUKI has a master franchise agreement with The TDL Group Corp.(TDL), an affiliate of Restaurant Brands International Inc. (RBI).
We set out below the highlights of this Privacy Notice. The full policy is set out below the 'highlights'.
Information We Collect
We collect various types of information, including personal information, about our users in connection with the Services. This is information about you that you give us by filling in forms on our website, that may be provided by you when you visit Tim Hortons® restaurants or by corresponding with us by phone, e-mail or otherwise. Such information includes:
- Information you provide to us;
- Information we collect about your use of our Services; and
- Information we obtain from third-party sources.
We also may collect information in ways that we describe to you at the point of collection or otherwise with your consent.
How We Use Information
We use the information you provide or that we collect to, among other things:
- Operate and manage our stored-value card program (where applicable);
- Provide and manage the products and Services you request;
- Communicate with you about our products, services, and promotions;
- Deliver targeted advertising, promotions, and offers; and
- Understand our customers so that we can develop and improve our customer service, promotions, products, and Services.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
We may otherwise use your information with your consent or at your direction.
Sharing of Information
We may share your information with:
We may provide aggregated information, and data with personal identifiers removed, to third parties to describe how our customers are using the Services. We also may share information about you with third parties whenever you consent to or direct such sharing.
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Affiliates, franchisor and franchisor’s related companies, including but not limited to Burger King, Tim Hortons and Restaurant Brands International;
- Selected third parties including business partners, service providers, and social media service providers;
- Companies that provide content, advertising, or functionality relating to our Services; and
- Other parties when required or permitted by law, as necessary to protect our users, or in connection with a corporate transaction.
Online Advertising and Cookies
Privacy and Access Choices Available To You
The full THUKI Privacy Notice below provides information about how to manage the privacy and access choices available to you. For example, you may block cookies and similar technologies, opt out of receiving certain targeting advertising, and opt out of receiving commercial communications. In some circumstances, you also may have a right to access, update, and correct inaccuracies in your personal data.
Data Security and Other Important Information
- We have in place certain procedures to protect your personal information in our custody and control, but cannot guarantee the security of our Services or our control over your information when it is transmitted over the Internet.
- The full THUKI Privacy notice below provides additional important information about our data security practices, links to third party sites, children’s privacy, California privacy rights, and international transfers of information.
Last revised 22nd May 2018
1. Information We Collect
We may collect personal information about you when you use our online services or visit one of our restaurants.
For example, when you:
- purchase items at our restaurants;
- register to receive emails from us relating to our products, services, discounts, offers, competitions and/or events;
- connect to our Wi-Fi networks;
- contact us (for example with a question or to provide feedback).
The types of personal information we may collect include:
- your personal details such as name, gender, e-mail address, postal address, phone number, date of birth;
- information about your use of a discount or offer;
- information about which Tim Hortons restaurants you have visited (for example, when you connect to a restaurant’s Wi-Fi network);
- your contact and marketing preferences;
- other personal information you provide to us.
Other Information We Collect. We also may collect other information about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your consent.
Time Scales. Information that we hold on you will be retained for 12 months since our last contact, there are exceptions to this, if for example you are employed by us there is data we will hold for longer periods. The exception to this is if you are employed by us, the details of which are then available in your employment contract.
2. How We Use Information
To Provide and Manage the Products and Services You Request. We use information that we collect, with your consent, to enable you to participate in features provided by the Services and in-restaurant, provide you with tailored offers, and improve the Services that we provide to you. From time to time, we may offer you the ability to personalize our products and Services, such as by uploading a photo or other information. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. You will be given the opportunity to opt in, if you have any queries with regards to this please contact GDPR@timhortons.co.uk.
To Respond to You. When you contact us, we may collect information that identifies you (such as your name, address and a phone number) along with additional information we need to help us promptly answer your question or respond to your comment. We retain this information to assist you in the future and to improve our customer service, products, Services, and promotions.
When you Make A Purchase. You do not have to provide any personal information when you purchase merchandise with cash at a restaurant. If you use a credit or debit card for your purchase, your debit or credit card-related information will be collected to process and administer your payment. When you make purchases through the online Services, we may collect information such as your name, email address, billing address, the email or mailing address for delivery (if applicable), phone number, and payment card information. This information is used to process, fulfil and deliver your order.
To Contact You. We may contact you with offers and information about the Services and our affiliates, including to inform you about our products, events, promotions, and special offers that may be tailored to your interests. You may opt out of receiving commercial messages from us by following the instructions contained in our electronic messages or by contacting us as set out below.
To Deliver Targeted Advertising. We may use your information, including your location information, to facilitate the delivery of targeted ads, promotions, and offers to you, on behalf of ourselves, select business partners, and advertisers, on and off the Services. (See “Interest-Based Advertisements” section below.). You have the right to ask us not to process your personal data for marketing purposes. You can do this by contacting our Privacy Officer using the email GDPR@timhortons.co.uk.
To Better Understand Our Customers and to Improve Our Services. In the course of providing the Services, we may collect information on our users' demographics, interests and behaviour and analyse that data. We do this to better understand and serve our users, and to improve our products and Services.
When You Use a “Share with a Friend” or Similar Feature on the Services. The Services may offer a “share with a friend” or other similar feature which permits you to electronically send content from the Services to others by providing us with their contact information. Except where permitted by law, we do not use the contact information you provide when using this feature for other unrelated purposes without your consent or the consent of the recipient, as applicable. Please ensure that you only submit contact information for individuals you know and who would want to receive the content you share with them.
When you apply for a job. In the course of considering your application for employment we will assess your suitability for the position and share your information internally with the hiring manager. Your details will be held for up to 12 months in order to perform a contract with you.
Consent. We may otherwise use your information with your consent or at your direction.
3. The Legal Basis For Processing Your Information
Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
- Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your Information for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, fulfilling takeaway, gift card, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
- Consent – in some circumstances, we may ask for your consent to process your Information in a particular way;
- Necessary to perform a contract with you. Should you apply for a job role with us, for example, the lawful basis for us processing your data is in order for us to agree a contract of employment for you.
4. Sharing of Information
The following provides information about entities with which we may share information. Our practices vary depending on the type of information and sharing.
Affiliates. We may share information within our family of affiliated companies (Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) so that we may provide offers from those companies that may be relevant to you, better understand your preferences, and improve our Services.
Franchisees. We may share information with local owners of Burger King® and Tim Hortons® restaurants, particularly when they will work with us in delivering Services to you. For example, local restaurants will implement delivery and take-away services that you may request through the Services. We also may provide our franchisees with information so that a local restaurant may provide you with offers and promotions that might interest you.
Business Partners. We may also share your information with business partners to provide you with Services that you request. For example, if you sign up for a promotion that runs on our Services but that is sponsored or co-sponsored by another company, your information may be shared with that sponsor. We are not responsible for the privacy practices of these entities and recommend you review their privacy policies carefully.
Service Providers. We may share information with companies providing services on our behalf, such as delivery services, hosting vendors, advertising service providers, data analytics companies, marketing service companies, and list managers. We also may share your information, including your payment information, as appropriate to process your payments for the Services or complete a transaction. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other unrelated purposes.
Other Parties When Required or Permitted by Law, or As Necessary to Protect Our Users and Services. We and our service providers (including affiliates) may use and share your personal information as we believe is necessary or appropriate to protect, enforce, or defend the legal rights, privacy, safety, or property of the Services, our employees or agents or users, to detect, suppress or prevent fraud or where otherwise required or permitted by applicable law or legal process, including responding to a search warrant or other legally valid requests from public and government authorities (which may include lawful access by U.K. or other governmental authorities, courts or law enforcement agencies).
Other Parties in Connection With a Corporate Transaction. We reserve the right to transfer any information we have about you in the event that we sell or transfer all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition, or in connection with a bankruptcy reorganization.
Aggregated Data. We also may provide aggregated information, and data with personal identifiers removed, to third parties to describe how our customers are using the Services.
5. Online Advertising and Cookies
Cookies serve many useful purposes. For example:
- Cookies can remember your sign-in credentials so you do not have to enter those credentials each time you visit a Service
- Cookies can help us and third parties understand which parts of our Services are the most popular because they help us see which pages and features visitors access and how much time they spend on the pages. By studying this kind of information, we are better able to adapt our Services and provide you with a better experience.
- Cookies help us and third parties understand which ads you have seen so that you don’t receive the same ad each time you access a Service.
How Long Are Cookies Stored For?
Persistent Cookies. These cookies remain on a user's device for the period specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session Cookies. These cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Beacons. We, along with third parties, also may use technologies called beacons (or “pixels”) that communicate information from your device to a server. Beacons can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon, and the IP address of your device. We and third parties use beacons for a variety of purposes, including to analyze the use of our Services and (in conjunction with cookies) to provide content and ads that are more relevant to you both on and off the Service.
Cookies Used On Our Websites
A list of all the cookies used on the Timhortons.co.uk websites by category is set out below.
Strictly Necessary Cookies. These cookies enable services you have specifically asked for. These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website.
These cookies collect anonymous information on the pages visited. By using the website, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use the website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All the information these cookies collect is anonymous. The only purpose of these are to improve how the site works.
Functionality Cookies. These cookies remember choices you make to improve your experience. By using the website, you agree that we can place these types of cookies on your device.
These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect are anonymised and they cannot track your browsing activity on other websites.
Third Party Cookies. These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site. For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don't control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.
When someone visits the Tim Hortons UK website we may use a third-party service such as, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Removing Cookies. If you do decide you’d like to remove cookies from your device we know how to help. Below are links to the most common internet browsers around, if your browser is not listed here please refer to the help section in your own browser.
Beacons. We, along with third parties, also may use technologies called beacons (or “pixels”) that communicate information from your device to a server. Beacons can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon, and the IP address of your device. We and third parties use beacons for a variety of purposes, including to analyse the use of our Services and (in conjunction with cookies) to provide content and ads that are more relevant to you both on and off the Service.
Local Storage & Other Tracking Technologies. We, along with third parties, may use other kinds of technologies, such as Local Shared Objects (also referred to as “Flash cookies”) and HTML5 local storage, in connection with our Services. These technologies are similar to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences. However, these technologies may make use of different parts of your device from standard cookies, and so you might not be able to control them using standard browser tools and settings. For HTML5 local storage, the method for disabling HTML5 will vary depending on your browser. For Flash cookies, information about disabling or deleting information contained in Flash cookies can be found here.
Do-Not-Track Signals and Similar Mechanisms. Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, the Services currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.
6. Privacy and Access Choices Available To You
Choices With Respect To Cookies and Similar Technologies. You may block cookies and similar technologies in your browser or device settings, see above, as and if permitted by such device.
Choices With Respect To Interest-Based Advertising. You may opt out of receiving targeted advertising from participating ad networks, audience segment providers, ad serving vendors, and other service providers by visiting websites operated by the Network Advertising Initiative, and Digital Advertising Alliance.
Data Access. Under the EU General Data Protection Regulation 2016/679 ("GDPR") you have the right to know what information we collect and hold on your, the right to update the information we hold and your right to erasure. To exercise any of these rights please contact GDPR@timhortons.co.uk. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records.
Email Promotions. You may opt out of receiving commercial email, text message, and other electronic messages from us by following the instructions contained in those messages.
7. Data Security
We have in place physical, electronic and managerial procedures to protect personal information in our custody and control against loss, theft and unauthorized access, use, modification and disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our Services, nor can we guarantee that the information you provide will not be intercepted while being transmitted to us over the Internet.
8. Other Important Information
Children’s Privacy. We do not knowingly collect any personal information from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with personal information, we will delete it in accordance with applicable law.
Links to Third-Party Sites. Our Services may link to third-party websites and services that we do not operate and are outside of our control. We are not responsible for the security or privacy of any information collected by other websites or other services. Please exercise caution and review the privacy statements applicable to the third-party websites and services you use.
Questions. Please contact our Privacy Officer at GDPR@timhortons.co.uk with any questions or concerns about this Privacy Notice or the manner in which we or our service providers treat your personal information