Legal

California Franchisee Privacy Policy

Chick-fil-A, Inc. (“we”, “Company” or "CFA") is committed to protecting the privacy and security of personal information of its current and former Chick-fil-A franchisees ("Franchised Operators " or "you"). We collect information about you ("personal information") in connection with your operation of a Chick-fil-A restaurant as outlined in this privacy policy to California Franchised Operators ("Privacy Policy"). We do not sell or share, and in the past 12 months we have not sold or shared, personal information as defined under applicable law, including personal information of individuals we know to be under 16 years of age.

If you have any questions about this Privacy Policy or need access to this Privacy Policy in an alternative format for accessibility, please contact us by emailing FranchisePrivacy@chick-fil-a.com. This Privacy Policy may be updated from time to time to reflect changes in our personal information practices, and we will notify you of any such changes pursuant to applicable law.

1. WHAT CATEGORIES OF FRANCHISED OPERATOR INFORMATION DO WE COLLECT?

We collect, and within the past 12 months have collected, the following categories of personal information directly from Franchised Operators, through their access to our online solutions, and from Customers and CFA Employees. In connection with your operation of a Chick-fil-A restaurant, we may collect the following categories of personal information about you:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security Number, driver's license number, or other similar identifiers	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security Number, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, bank account number, or any other financial information. Some personal information included in this category may overlap with other categories	Yes
C. Protected classification characteristics under California or federal law.	Age, race/ethnicity, national origin, marital status, medical condition, gender, or veteran or military status collected voluntarily	Yes
D. Commercial information.	Records of personal property, products or services purchased, or other purchasing or consuming histories or tendencies obtained from background or credit history checks	Yes
E. Biometric information.	N/A	No
F. Internet or other similar network activity.	Information on your interaction with a CFA website, CFA application, or CFA advertisement	Yes
G. Geolocation data.	N/A	No
H. Sensory data.	Audio, visual, or similar information such as voice mail messages and audio recordings	Yes
I. Professional or employment-related information.	Current or past job history or performance evaluations	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	N/A	No
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences and characteristics	Yes
L. Sensitive Personal Information	Social Security Number, driver’s license number, state identification card number, or passport number; precise geolocation; or race/ethnicity * Please note we do not collect sensitive personal information for the purpose of inferring characteristics about Franchised Operators.	Yes*

To the extent we or our third-party service providers collect additional categories of information beyond those discussed above, additional notice will be provided, and we or our third-party service providers will ask for your consent before collecting such additional categories of personal information, as required by law.

Personal information does not include information: (a) excluded from the scope of personal information under applicable law, (b) that is publicly available information or (c) that is deidentified or aggregate information.

2. HOW DO WE USE PERSONAL INFORMATION OF FRANCHISED OPERATORS?

Personal information collected from or about Franchised Operators may be used for the following business purposes:

To provide initial and ongoing training on brand standards and operational requirements to new Franchised Operators, to manage our relationships, and to foster a culture of care.
To facilitate collection of franchise fees from Franchised Operators.
To support fundamental operational needs and business necessity.
To manage our engagement with Franchised Operators.
To perform business research and analytics.

To protect the Company, Customers, and Franchised Operators’, property, equipment, and confidential information; to monitor Franchised Operators' performance; and to enforce the Company’s policies.
To comply with applicable law.
To help ensure security and integrity to the extent the use of the Franchised Operators’ personal information is reasonably necessary and proportionate for these purposes.
For debugging to identify and repair errors that impair existing intended functionality.
For short-term, transient use, provided that the Franchised Operators’ personal information is not disclosed to another third party and is not used to build a profile about the Franchised Operators or otherwise alter the Franchised Operators’ experience outside the current interaction with the business.
To undertake internal research for technological development and demonstration.

To undertake activities to verify or maintain the quality or safety of a service or device that is owned by, manufactured by, manufactured for, or controlled by CFA, and to improve, upgrade, or enhance the service or device that is owned by, manufactured by, manufactured for, or controlled by CFA.

While relatively uncommon, there may be occasions when we use personal information of Franchised Operators for other purposes permitted under applicable law, for example, when we are required to disclose information in connection with contractual or legal matters such as information necessary to respond to law enforcement and governmental agency requests (i.e., subpoenas); comply with legal and contractual obligations; exercise legal and contractual rights; and initiate or respond to legal claims.

In certain instances, we may maintain and use information in a deidentified form. If we do so, we do not attempt to reidentify the information, except for the sole purpose of determining whether our deidentification processes satisfy the requirement under applicable law.

3. HOW DO WE DISCLOSE PERSONAL INFORMATION OF FRANCHISED OPERATORS?

Some personal information, such as Franchised Operators’ contact information, may be disclosed to Employees, independent contractors, or agents of CFA and our affiliates with access to @CFA. Franchised Operators’ personal information may also be collected by or disclosed to Customers, CFA Employees, data analytics providers, or other service providers. We disclose, and in the past 12 months have disclosed, all categories of personal information we collect about Franchised Operators, which may include your information, to our IT service providers, data analytics providers, travel agencies, and other third-party service providers so they can perform services on our behalf. In addition, we also disclose Franchised Operators’ business contact information such as work email addresses, work phone numbers, and street addresses to our Employees, independent contractors, agents, Customers, suppliers and business partners so they can contact you and/or perform services for CFA.

4. HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION?

We retain and process Franchised Operators’ personal information for the length of time needed to carry out the purposes described in the Privacy Policy, and to the extent necessary to manage our relationships with Franchised Operators, comply with our legal obligations, resolve disputes, and enforce our agreements, consistent with our retention policy.

5. WHAT RIGHTS DO YOU HAVE UNDER CALIFORNIA PRIVACY LAW?

California residents have certain rights related to personal information, including:

The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
The right to request that we delete personal information collected from you. However, please note that we may deny your deletion request as permitted under applicable law because we maintain and use personal information of Franchised Operators only for the length of time needed to carry out the purposes described in this Privacy Policy.
The right to request that we correct inaccurate personal information we maintain about you.

You may request to exercise these rights by:

Calling us toll-free at 1-800-232-2677; or
Completing our rights request form using the links below:
- If you are a current Franchisee, please submit a request using this form.
- If you are a former Franchisee, please submit a request using this form.

Please note that we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights as required by applicable law. We may require you to provide your name, work email address, mobile phone number, and last 4 digits of your Social Security Number to verify your identity in response to requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law.

6. HOW CAN YOUR AUTHORIZED AGENT EXERCISE YOUR RIGHTS ON YOUR BEHALF?

You may designate an authorized agent to make a request on your behalf here. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. We may require you to verify your own identity in response to a request, even if you choose to use an agent, to the extent permitted by law.

7. Non-Discrimination

We may not discriminate against you because of your exercise of any of the above rights or any other rights, subject to the rights and the obligations under the California Consumer Privacy Act. For example, we may not retaliate against you for exercising your rights under applicable law.

8. WHAT IS OUR PRIVACY POLICY FOR CUSTOMERS?

We also respect your privacy as a CFA Customer. CFA's privacy policy that applies to Customers, prospective Customers and other third parties is located at: https://www.chick-fil-a.com/legal/privacy/chick-fil-a-privacy-policy

Was this answer helpful?

Yes No

Find a Restaurant