Legal

California Supplier and Contractor Privacy Policy

LAST UPDATED AND EFFECTIVE AS OF JANUARY 1, 2023

Chick-fil-A, Inc. ("we", "Company" or "CFA") is committed to protecting the privacy and security of personal information of our suppliers, vendors, contractors, contingent workers and other individuals who provide products or services ("you" or "Suppliers") within the context of our business transactions. We collect information about our Suppliers ("personal information") in connection with your provision of products and/or services to us, our affiliates and our franchisees, and for purposes as outlined in this privacy policy ("Privacy Policy"). We do not sell or share, and in the past 12 months we have not sold or shared, personal information as defined under applicable law, including personal information of individuals we know to be under 16 years of age.

If you are a contingent worker and have questions about this Privacy Policy or need access to this Privacy Policy in an alternative format for accessibility, please contact us by emailing TalentPrivacy@chick-fil-a.com; and for all other types of Suppliers, please contact us by emailing BusinessPrivacy@chick-fil-a.com. This Privacy Policy may be updated from time to time to reflect changes in our personal information practices, and we will notify you of any such changes pursuant to applicable law.

1. WHAT CATEGORIES OF SUPPLIER INFORMATION DO WE COLLECT?

We collect, and within the past 12 months have collected, the following categories of personal information directly from Suppliers, through your devices used to access our online solutions, or from our employees and data analytics providers. In connection with your provision of products and/or services to us, we may collect the following categories of personal information about you:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security Number, driver's license number, or other similar identifiers.	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, address, telephone number, driver's license or state identification card number, bank account number or any other financial information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Gender, or veteran or military status.	Yes
D. Commercial information.	N/A	No
E. Biometric information.	N/A	No
F. Internet or other similar network activity.	Internet or other electronic network activity information on Chick-fil-A-issued devices, including but not limited to: IP address; online tracking ID; browsing history; search history; information about your interactions with an internet website or application; and preferences related to digital communication.	Yes
G. Geolocation data.	N/A	No
H. Sensory data.	Audio information like voicemails or meeting audio recordings; visual information, such as photographs; or other similar information.	Yes
I. Professional or employment-related information.	Current or past job and work history, company name, job title, office locations, professional memberships, qualifications, and certifications; educational background and language capabilities; references, letters of recommendation and interview notes; areas of interest and work preferences; travel-related history and details (e.g., known traveler number); information necessary for reimbursement, including expense details; title/position, business unit/division, line or reporting manager, department/organization and region/location of office; work-related contact details, and technical skills; training records; emergency contact information; and work time.	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education & training history, degrees, and languages; and educational performance.	Yes
K. Inferences drawn from other personal information.	Profile reflecting a person's abilities and preferences.	Yes
L. Sensitive Personal Information	Social Security Numbers, drivers’ license number, state identification cards numbers, account usernames and passwords used in connection with your role as a Supplier, and financial information under certain circumstances. * Please note we do not collect sensitive personal information for the purpose of inferring characteristics about our Suppliers.	Yes*

To the extent we or our third-party service providers collect additional categories of information beyond those discussed above, additional notice will be provided, and we or our third-party service providers will ask for your consent before collecting such additional categories of personal information, as required by law.

Personal information does not include information: (a) excluded from the scope of personal information under applicable law, (b) that is publicly available information or (c) that is deidentified or aggregate information.

2. HOW DO WE USE PERSONAL INFORMATION OF SUPPLIERS?

Personal Information collected from or about Suppliers is used for the following business purposes:

To perform due diligence when selecting new Suppliers.
To onboard new Suppliers, for training and development, to manage our relationships, and to foster a culture of care.
To receive products or services.
To pay and/or reimburse Suppliers.
To manage our engagement with Suppliers.
To protect individuals and the public, and customers, employees, independent contractors, agents, property, equipment, and confidential information of the Company or our affiliates; to monitor Suppliers' performance; and to enforce the Company’s policies.
To comply with applicable law.
To help ensure security and integrity to the extent the use of Suppliers’ personal information is reasonably necessary and proportionate for these purposes.
For debugging to identify and repair errors that impair existing intended functionality.
For short-term, transient use, provided that a Supplier's personal information is not disclosed to another third party and is not used to build a profile about the Supplier or otherwise alter the Supplier's experience outside the current interaction with the business.
To undertake internal research for technological development and demonstration.
To undertake activities to verify or maintain the quality or safety of a service or device that is owned by, manufactured by, manufactured for, or controlled by CFA, and to improve, upgrade, or enhance the service or device that is owned by, manufactured by, manufactured for, or controlled by CFA.

While relatively uncommon, there may be occasions when we use personal information of Suppliers for other purposes permitted under applicable law, for example, when we are required to disclose information in connection with contractual or legal matters, such as information necessary to respond to law enforcement and governmental agency requests (i.e., subpoenas); comply with legal and contractual obligations; exercise legal and contractual rights; and initiate or respond to legal claims.

In certain instances, we may maintain and use information in a deidentified form. If we do so, we do not attempt to reidentify the information, except for the sole purpose of determining whether our deidentification processes satisfy the requirement under applicable law.

3. WHAT CATEGORIES OF EMERGENCY CONTACT INFORMATION DO WE COLLECT, AND HOW DO WE USE THIS INFORMATION ABOUT OUR SUPPLIERS?

In certain circumstances, we may collect the following categories of personal information from Suppliers for the purposes described below:

Identifiers such as name and contact information; and
Additional types of information described in California Civil Code § 1798.80(e) such as a Supplier’s relationship with the emergency contact person.

We collect this information to contact a Supplier’s designated emergency contact persons in the event of an emergency.

4.HOW DO WE DISCLOSE PERSONAL INFORMATION OF SUPPLIERS?

Some personal information, such as Suppliers’ contact information, may be disclosed to employees, independent contractors, or agents of CFA and our affiliates. Suppliers’ personal information may also be collected by or disclosed to customers, employees, or data analytics providers. We disclose, and in the past 12 months have disclosed, all categories of personal information we collect about Suppliers to our IT service providers and other third-party service providers so they can perform services on our behalf. In addition, we also disclose Suppliers’ business contact information, such as work email addresses, work phone numbers, and street addresses to our employees, independent contractors, agents, customers, and other Suppliers so they can contact you and/or perform services for CFA.

5. HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION?

We retain and process Supplier personal information for the length of time needed to carry out the purposes described in the Privacy Policy. We also retain Supplier personal information for related business purposes, and to the extent necessary to manage our relationships with Suppliers, comply with our legal obligations, resolve disputes, and enforce our agreements, consistent with our retention policy and as permitted by applicable law.

6.WHAT RIGHTS DO YOU HAVE UNDER CALIFORNIA PRIVACY LAW?

California residents have certain rights related to personal information, including:

The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
The right to request that we delete personal information collected from you. However, please note that we may deny your deletion request as permitted under applicable law because we maintain and use personal information of Suppliers only for the length of time needed to carry out the purposes described in this Privacy Policy.
The right to request that we correct inaccurate personal information about you.

You may request to exercise these rights by:

For contingent workers, you can submit a request to exercise these rights by:
- Calling us toll-free at 1 (833) 907-3207; or
- Completing our rights request form using this link.
For all other Suppliers, you can submit a request to exercise these rights by:
- Calling us toll-free at 1 (866)-232-2040; or
- Completing our rights request form using this link.

Please note that we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights as required by applicable law. We may require you to provide your name, company name, work email address used for that company, title at that company, and contact email address to verify your identity in response to exercising requests of the above type. If you are a contingent worker, we may require you to provide your name, email address you use in connection with your engagement with CFA, employment company name, phone number, CFA Manager or CFA Staff Contact to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law.

7. HOW CAN YOUR AUTHORIZED AGENT EXERCISE YOUR RIGHTS ON YOUR BEHALF?

You may designate an authorized agent to make a request on your behalf. Authorized agents for contingent workers can submit a request from here. Authorized agents for other Suppliers can submit a request from here. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. We may require you to verify your own identity in response to a request, even if you choose to use an agent, to the extent permitted by law.

8. NON-DISCRIMINATION

We may not discriminate against you because of your exercise of any of the above privacy rights or any other privacy rights, subject to the rights and the obligations under the California Consumer Privacy Act. For example, we may not retaliate against you for exercising your privacy rights under applicable law.

9. WHAT IS OUR PRIVACY POLICY FOR CUSTOMERS?

We also respect your privacy as our Customers. CFA's privacy policy that applies to our Customers and prospective Customers is located here.

Was this answer helpful?

Yes No

Find a Restaurant