Privacy Policy

This Privacy Policy describes how Church's Chicken ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects your personal information when you visit or interact with our website located at chickchurchs.digital (the "Website"), use our online ordering services, participate in our loyalty programs, or otherwise engage with our digital and in-person services (collectively, the "Services"). Please read this Privacy Policy carefully before using our Services.

By accessing or using our Website or Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with these practices, please discontinue your use of our Services immediately.

This Privacy Policy is governed by and complies with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), the CAN-SPAM Act, the Children's Online Privacy Protection Act (COPPA), and other applicable state and federal regulations.

1. About Us and Contact Information

Church's Chicken is a food service company operating in the United States. We are committed to protecting the privacy of our customers, website visitors, and all individuals who interact with our digital platforms.

For all privacy-related inquiries, requests, or concerns, you may contact us directly at the email address listed above. We aim to respond to all privacy-related communications within 45 days of receipt, in accordance with applicable law.

2. Scope of This Privacy Policy

This Privacy Policy applies to all personal information collected by Church's Chicken through the following channels:

• Our Website at chickchurchs.digital and any related subdomains
• Online ordering platforms and third-party delivery integrations operated on our behalf
• Email communications, newsletters, and promotional campaigns
• Loyalty and rewards programs administered by us or our partners
• Customer service and support interactions (via phone, email, or chat)
• Social media pages and interactions on platforms we manage
• Offline interactions, such as in-store purchases and paper forms
• Surveys, contests, sweepstakes, and promotional activities

This Policy does not govern the privacy practices of third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third parties with whom you interact.

3. Information We Collect

We collect various categories of personal information depending on how you interact with our Services. The types of information we may collect include the following:

3.1 Personal Identification Information

When you create an account, place an order, sign up for promotions, or contact our customer service team, we may collect:

• Full name
• Email address
• Phone number
• Mailing or delivery address
• Date of birth (for age verification and birthday promotions)
• Username and password (for account creation)
• Photograph or profile image (if uploaded voluntarily)

3.2 Payment and Transaction Information

When you make a purchase through our Website or Services, we may collect:

• Credit or debit card details (processed securely through third-party payment processors)
• Billing address and billing name
• Transaction history and order details
• Gift card information
• Loyalty points and rewards account balances

Please Note: Full payment card numbers are not stored on our servers. All payment processing is handled by PCI-DSS compliant third-party payment processors.

3.3 Usage and Behavioral Data

When you visit or interact with our Website, we automatically collect information about your activity, including:

• Pages viewed and content interacted with
• Time and duration of your visit
• Referring URL or source through which you arrived at our Website
• Clickstream data and navigation paths
• Search queries made within our Website
• Items added to or removed from shopping carts
• Preferences and settings selected on our platform

3.4 Device and Technical Information

Our servers and analytics tools automatically collect certain technical data when you access our Website:

• IP address
• Device type (desktop, mobile, tablet)
• Operating system and version
• Browser type, version, and language settings
• Screen resolution
• Unique device identifiers and advertising IDs
• Mobile network information
• Time zone settings

3.5 Location Information

We may collect precise or approximate location data in the following circumstances:

• When you use location-based features such as "Find a Restaurant Near Me"
• When you permit your device to share GPS location data with our app or Website
• Inferred location data derived from your IP address
• When you provide a delivery or pickup address during the ordering process

3.6 Communications and Customer Service Data

When you communicate with us, we collect:

• Email correspondence and message contents
• Chat transcripts from live chat or chatbot interactions
• Details of complaints, feedback, and requests
• Survey responses and ratings

3.7 Social Media and Third-Party Information

If you connect your social media account to our Services or interact with our social media pages, we may receive information such as your public profile details, social media handle, and any content you share publicly. If you log in through a third-party single sign-on service (such as Google or Facebook), we receive the information you authorize that platform to share.

3.8 Information Collected from Third Parties

We may receive information about you from third-party sources, including:

• Third-party delivery platform partners (e.g., DoorDash, Uber Eats, Grubhub)
• Marketing and advertising partners
• Analytics and data enrichment providers
• Publicly available data sources

4. How We Use Your Information

We use the personal information we collect for the following purposes, based on legitimate business interests, contractual necessity, legal obligations, and — where required — your consent:

4.1 Service Provision and Order Fulfillment

• Processing and fulfilling food orders, including delivery and pickup arrangements
• Managing your account and membership in loyalty or rewards programs
• Communicating order confirmations, updates, and delivery notifications
• Facilitating payment processing and refunds
• Providing customer support and resolving disputes or complaints

4.2 Marketing and Promotional Communications

• Sending promotional emails, offers, coupons, and newsletters (with your consent or where permitted by law)
• Personalizing marketing communications based on your order history and preferences
• Administering contests, sweepstakes, surveys, and promotional events
• Delivering targeted advertising on our Website and on third-party platforms
• Retargeting campaigns based on your browsing behavior

4.3 Analytics and Service Improvement

• Analyzing usage patterns and customer behavior to improve our Website and Services
• Conducting market research and product development
• Measuring the effectiveness of our marketing campaigns
• Performing A/B testing and user experience optimization
• Generating aggregated, anonymized reports for internal business analysis

4.4 Legal Compliance and Safety

• Complying with applicable federal and state laws and regulations
• Responding to legal processes, court orders, or governmental requests
• Protecting the rights, property, and safety of our company, employees, and customers
• Detecting, preventing, and investigating fraud, abuse, or unauthorized activity
• Enforcing our Terms of Service and other applicable policies

4.5 Personalization

• Customizing the content and offers displayed to you based on your preferences and history
• Recommending menu items based on past orders
• Providing location-based services and restaurant recommendations

5. Cookies and Tracking Technologies

Our Website uses cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect usage data, enhance user experience, and deliver relevant advertising.

5.1 Types of Cookies We Use

• Essential Cookies: Required for the basic functionality of our Website, such as maintaining your login session and processing orders.
• Analytical/Performance Cookies: Allow us to understand how visitors interact with our Website through tools such as Google Analytics.
• Functional Cookies: Enable personalized features such as saved preferences, location settings, and language options.
• Marketing/Advertising Cookies: Used to track your activity across websites for the purpose of delivering targeted advertisements.

5.2 Managing Your Cookie Preferences

You may manage or disable cookies through your browser settings or through our Cookie Preference Center available on our Website. Please note that disabling certain cookies may limit the functionality of our Services. For detailed information about how we use cookies, please refer to our Cookie Policy, available on our Website.

We also honor Global Privacy Control (GPC) signals as required by the California Privacy Rights Act (CPRA) and other applicable state laws.

6. Sharing Your Information with Third Parties

We do not sell your personal information in the traditional sense. However, as described in this section, we do share your information with certain third parties in connection with our business operations. Under the CCPA/CPRA, some sharing of personal information for cross-context behavioral advertising purposes may constitute a "sale" or "sharing" of personal information, and California residents have the right to opt out of such activities (see Section 10 below).

6.1 Service Providers and Vendors

We share personal information with trusted third-party service providers who perform functions on our behalf, including:

• Payment processors and financial institutions
• Third-party delivery platforms and logistics partners
• Cloud hosting and IT infrastructure providers
• Email marketing and communications platforms
• Analytics and data intelligence providers
• Customer relationship management (CRM) software providers
• Fraud detection and cybersecurity services

All service providers are contractually required to handle your personal information in a manner consistent with this Privacy Policy and applicable law.

6.2 Business Partners and Affiliates

We may share information with our corporate affiliates, franchise partners, and business partners for purposes consistent with this Privacy Policy, including co-branded promotions or joint loyalty programs.

6.3 Advertising and Marketing Partners

We may share or make available certain usage data, device identifiers, and behavioral data with advertising platforms, social media networks, and marketing technology providers to deliver targeted advertisements. This may include platforms such as Google Ads, Meta (Facebook/Instagram), and other digital advertising networks.

6.4 Legal Requirements and Law Enforcement

We may disclose your personal information when we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request
• Investigate or assist in the prevention of fraud, illegal activity, or policy violations
• Protect the rights, property, or safety of Church's Chicken, its employees, customers, or the public
• Respond to an emergency involving risk to the life or safety of any person

6.5 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar corporate transaction, your personal information may be transferred to a successor entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy where required by applicable law.

6.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other business purposes.

7. Data Security

We take the security of your personal information seriously and have implemented a variety of technical, administrative, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

7.1 Security Measures We Employ

• Encryption: We use Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption to protect data transmitted between your browser and our servers.
• Access Controls: Access to personal information is restricted to authorized personnel who have a legitimate need to access such data in the performance of their duties.
• Firewalls and Intrusion Detection: Our systems are protected by firewalls and intrusion detection systems to prevent unauthorized access.
• Regular Security Audits: We conduct periodic vulnerability assessments and security audits of our systems and infrastructure.
• PCI-DSS Compliance: Payment card data is handled in accordance with Payment Card Industry Data Security Standards.
• Employee Training: Our staff receive regular training on data privacy and security best practices.
• Incident Response: We maintain a data breach response plan and will notify affected individuals and relevant authorities as required by applicable law in the event of a security breach.

Important: While we take reasonable precautions to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, enforce our agreements, and meet our legitimate business needs.

Upon expiration of the applicable retention period, we will securely delete, anonymize, or de-identify your personal information in accordance with our internal data destruction procedures.

9. Children's Privacy

Our Website and Services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13 in violation of the Children's Online Privacy Protection Act (COPPA), or from individuals under the age of 18 without appropriate parental consent.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected].

Certain features of our Website, including account registration and online ordering, require users to confirm that they meet the minimum age requirement. We rely on users to accurately represent their age when using our Services.

10. Your Privacy Rights

Depending on your state of residence within the United States, you may have certain rights with respect to your personal information. We are committed to honoring these rights in accordance with applicable law.

10.1 Rights Available to California Residents (CCPA/CPRA)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

10.2 Rights Available to Residents of Other States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Florida, and other states with applicable privacy laws may have similar rights, including rights to access, delete, correct, and opt out of the processing of personal information for targeted advertising or profiling. We will honor rights requests from residents of all states with applicable privacy laws.

10.3 How to Exercise Your Rights

To exercise any of the rights described above, you may:

• Send an email to: [email protected] with the subject line "Privacy Rights Request"
• Submit a request through the privacy request form available on our Website

We will verify your identity before processing your request to protect the security of your information. We will respond to verified requests within 45 days of receipt. If we require additional time (up to 90 days total), we will notify you within the initial 45-day period.

You may also designate an authorized agent to submit requests on your behalf. We will require written proof of authorization before processing requests submitted by authorized agents.

10.4 Right to Opt Out of Marketing Communications

You may opt out of receiving marketing and promotional emails from us at any time by clicking the "Unsubscribe" link included in any marketing email, or by contacting us at [email protected]. Please note that even after opting out of marketing communications, you may still receive transactional emails related to your account or orders.

11. International Data Transfers

Church's Chicken is based in the United States and primarily processes personal information within the United States. However, we may transfer your personal information to service providers, partners, or affiliated entities located in other countries, including countries that may not provide the same level of data protection as your home jurisdiction.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information, including:

• Entering into data processing agreements with recipients that incorporate standard contractual clauses or equivalent protections
• Ensuring that transfers are made only to countries that provide an adequate level of data protection, or that appropriate technical and organizational measures are applied
• Conducting transfer impact assessments where required

By using our Services, you acknowledge and consent to the potential transfer of your personal information to countries outside of your country of residence, including the United States, in accordance with this Privacy Policy.

12. Third-Party Links and Services

Our Website may contain links to third-party websites, social media platforms, delivery apps, or other services that are not operated by Church's Chicken. When you click on these links, you will be directed to third-party sites that have their own privacy policies. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly encourage you to review the privacy policy of every website you visit. The inclusion of any link on our Website does not imply our endorsement of that website or service.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that the user does not wish to be tracked. At this time, there is no universally accepted standard for responding to DNT signals, and our Website does not currently respond to DNT browser signals in a standardized way. However, we do honor Global Privacy Control (GPC) signals as required by the California Privacy Rights Act (CPRA) and other applicable state laws.

14. How to File a Complaint

If you have a concern about how we handle your personal information and you are not satisfied with our response to your inquiry, you have the right to file a complaint with the appropriate regulatory authority.

14.1 Federal Trade Commission (FTC)

For concerns related to unfair or deceptive business practices and data privacy under the FTC Act, you may file a complaint with the Federal Trade Commission:

• Website: www.ftc.gov/complaint
• Phone: 1-877-382-4357
• Address: Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580

14.2 California Privacy Protection Agency (CPPA)

California residents may file a complaint related to CCPA/CPRA violations with the California Privacy Protection Agency:

• Website: cppa.ca.gov
• Address: California Privacy Protection Agency, 2101 Arena Boulevard, Sacramento, CA 95834

14.3 State Attorneys General

Residents of other states may file privacy-related complaints with their state Attorney General's office. Most state Attorney General offices maintain online complaint portals. We encourage you to contact your state's consumer protection division for guidance.

14.4 Contact Us First

Before filing a formal complaint with a regulatory authority, we encourage you to contact us directly to allow us the opportunity to address your concern. Please reach out to us at [email protected] and we will make every effort to resolve your concern promptly and fairly.

15. Changes to This Privacy Policy

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised Privacy Policy on our Website at chickchurchs.digital
• Notify registered users via email where required by applicable law or where changes are material
• Display a prominent notice on our Website homepage where significant changes have been made

Your continued use of our Website and Services after any such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact our privacy team using the information below:

We are committed to responding to all privacy-related inquiries in a timely manner and in accordance with our obligations under applicable United States federal and state privacy laws. Thank you for trusting Church's Chicken with your personal information. Your privacy is important to us, and we take our responsibility to protect it seriously.