LAST UPDATED AND EFFECTIVE AS OF JANUARY 1, 2023
We collect, and within the past 12 months have collected, the following categories of personal information directly from Suppliers, through your devices used to access our online solutions, or from our employees and data analytics providers. In connection with your provision of products and/or services to us, we may collect the following categories of personal information about you:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security Number, driver's license number, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, address, telephone number, driver's license or state identification card number, bank account number or any other financial information. Some personal information included in this category may overlap with other categories.||Yes|
|C. Protected classification characteristics under California or federal law.||Gender, or veteran or military status.||Yes|
|D. Commercial information.||N/A||No|
|E. Biometric information.||N/A||No|
|F. Internet or other similar network activity.||Internet or other electronic network activity information on Chick-fil-A-issued devices, including but not limited to: IP address; online tracking ID; browsing history; search history; information about your interactions with an internet website or application; and preferences related to digital communication.||Yes|
|G. Geolocation data.||N/A||No|
|H. Sensory data.||Audio information like voicemails or meeting audio recordings; visual information, such as photographs; or other similar information.||Yes|
|I. Professional or employment-related information.||Current or past job and work history, company name, job title, office locations, professional memberships, qualifications, and certifications; educational background and language capabilities; references, letters of recommendation and interview notes; areas of interest and work preferences; travel-related history and details (e.g., known traveler number); information necessary for reimbursement, including expense details; title/position, business unit/division, line or reporting manager, department/organization and region/location of office; work-related contact details, and technical skills; training records; emergency contact information; and work time.||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education & training history, degrees, and languages; and educational performance.||Yes
|K. Inferences drawn from other personal information.||Profile reflecting a person's abilities and preferences.||Yes|
|L. Sensitive Personal Information||Social Security Numbers, drivers’ license number, state identification cards numbers, account usernames and passwords used in connection with your role as a Supplier, and financial information under certain circumstances.
* Please note we do not collect sensitive personal information for the purpose of inferring characteristics about our Suppliers.
To the extent we or our third-party service providers collect additional categories of information beyond those discussed above, additional notice will be provided, and we or our third-party service providers will ask for your consent before collecting such additional categories of personal information, as required by law.
Personal information does not include information: (a) excluded from the scope of personal information under applicable law, (b) that is publicly available information or (c) that is deidentified or aggregate information.
Personal Information collected from or about Suppliers is used for the following business purposes:
While relatively uncommon, there may be occasions when we use personal information of Suppliers for other purposes permitted under applicable law, for example, when we are required to disclose information in connection with contractual or legal matters, such as information necessary to respond to law enforcement and governmental agency requests (i.e., subpoenas); comply with legal and contractual obligations; exercise legal and contractual rights; and initiate or respond to legal claims.
In certain instances, we may maintain and use information in a deidentified form. If we do so, we do not attempt to reidentify the information, except for the sole purpose of determining whether our deidentification processes satisfy the requirement under applicable law.
We collect this information to contact a Supplier’s designated emergency contact persons in the event of an emergency.
Some personal information, such as Suppliers’ contact information, may be disclosed to employees, independent contractors, or agents of CFA and our affiliates. Suppliers’ personal information may also be collected by or disclosed to customers, employees, or data analytics providers. We disclose, and in the past 12 months have disclosed, all categories of personal information we collect about Suppliers to our IT service providers and other third-party service providers so they can perform services on our behalf. In addition, we also disclose Suppliers’ business contact information, such as work email addresses, work phone numbers, and street addresses to our employees, independent contractors, agents, customers, and other Suppliers so they can contact you and/or perform services for CFA.
California residents have certain rights related to personal information, including:
You may request to exercise these rights by:
Please note that we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights as required by applicable law. We may require you to provide your name, company name, work email address used for that company, title at that company, and contact email address to verify your identity in response to exercising requests of the above type. If you are a contingent worker, we may require you to provide your name, email address you use in connection with your engagement with CFA, employment company name, phone number, CFA Manager or CFA Staff Contact to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law.
You may designate an authorized agent to make a request on your behalf. Authorized agents for contingent workers can submit a request from here. Authorized agents for other Suppliers can submit a request from here. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. We may require you to verify your own identity in response to a request, even if you choose to use an agent, to the extent permitted by law.
We may not discriminate against you because of your exercise of any of the above privacy rights or any other privacy rights, subject to the rights and the obligations under the California Consumer Privacy Act. For example, we may not retaliate against you for exercising your privacy rights under applicable law.
Was this answer helpful?