Privacy Policy | Tim Hortons

Last revised 16^th May 2023

TH UK & IRELAND Limited (THUKI), the proud master franchisor in the United Kingdom of the Tim Hortons® restaurant brand, knows that your privacy is important. This Privacy Policy sets out our privacy practices that apply when you visit Tim Hortons® restaurants in the United Kingdom, use the timhortons.co.uk website or use any website, mobile or tablet application, digital in-restaurant kiosk, or other online service or platform of Tim Hortons® or any other THUKI company in the United Kingdom that links or refers to it (collectively, the “Services”), regardless of who owns or operates the Services or the restaurant you ultimately visit, as well as our interactions with you on third party platforms (such as social media).

1. Information We Collect

We may collect personal information about you when you use our online services (such as our website or mobile apps) or visit one of our restaurants.

For example, when you:

purchase items at our restaurants;
register to receive emails from us relating to our products, services, discounts, offers, competitions and/or events;
connect to our Wi-Fi networks;
contact us (for example with a question or to provide feedback).

The types of personal information we may collect include:

your personal details such as name, gender, e-mail address, postal address, phone number, date of birth;
information about your use of a discount or offer;
information about which Tim Hortons restaurants you have visited (for example, when you connect to a restaurant’s Wi-Fi network);
transaction information, such as information about the products you buy, prices, methods of payment and payment details;
your contact and marketing preferences;
other personal information you provide to us.

Other Information We Collect. We also may collect other information about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your consent.

Time Scales. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

2. How We Use Information

To Provide and Manage the Products and Services You Request. We use information that we collect, with your consent, to enable you to participate in features provided by the Services and in-restaurant, provide you with tailored offers, and improve the Services that we provide to you. From time to time, we may offer you the ability to personalize our products and Services, such as by uploading a photo or other information. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. You will be given the opportunity to opt in, if you have any queries with regards to this please contact thgdpr@timhortons.co.uk.

To Respond to You. When you contact us, we may collect information that identifies you (such as your name, address and a phone number) along with additional information we need to help us promptly answer your question or respond to your comment. We retain this information to assist you in the future and to improve our customer service, products, Services, and promotions.

When you Make A Purchase. You do not have to provide any personal information when you purchase merchandise with cash at a restaurant. If you use a credit or debit card for your purchase, your debit or credit card-related information will be collected to process and administer your payment. When you make purchases through the online Services, we may collect information such as your name, email address, billing address, the email or mailing address for delivery (if applicable), phone number, and payment card information. This information is used to process, fulfil and deliver your order.

To Contact You. We may contact you with offers and information about the Services and our affiliates, including to inform you about our products, events, promotions, and special offers that may be tailored to your interests. You may opt out of receiving commercial messages from us by following the instructions contained in our electronic messages or by contacting us as set out below.

To Deliver Targeted Advertising. We may use your information, including your location information, to facilitate the delivery of targeted ads, promotions, and offers to you, on behalf of ourselves, select business partners, and advertisers, on and off the Services. (See “Interest-Based Advertisements” section below.). You have the right to ask us not to process your personal data for marketing purposes. You can do this by contacting our Privacy Officer using the email thgdpr@timhortons.co.uk .

To Better Understand Our Customers and to Improve Our Services. In the course of providing the Services, we may collect information on our users' demographics, interests and behaviour and analyse that data. We do this to better understand and serve our users, and to improve our products and Services.

When You Use a “Share with a Friend” or Similar Feature on the Services. The Services may offer a “share with a friend” or other similar feature which permits you to electronically send content from the Services to others by providing us with their contact information. Except where permitted by law, we do not use the contact information you provide when using this feature for other unrelated purposes without your consent or the consent of the recipient, as applicable. Please ensure that you only submit contact information for individuals you know and who would want to receive the content you share with them.

When you apply for a job. In the course of considering your application for employment we will assess your suitability for the position and share your information internally with the hiring manager. Your details will be held for up to 12 months in order to perform a contract with you.

Consent. We may otherwise use your information with your consent or at your direction.

3. The Legal Basis For Processing Your Information

Under GDPR, the main grounds that we rely upon in order to process your Information are the following:

Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
Necessary for the purposes of legitimate interests - either we, or a third party, will need to process your Information for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, fulfilling takeaway, gift card, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
Consent – in some circumstances, we may ask for your consent to process your Information in a particular way;
Necessary to perform a contract with you. Should you apply for a job role with us, for example, the lawful basis for us processing your data is in order for us to agree a contract of employment for you.

4. Sharing of Information

The following provides information about entities with which we may share information. Our practices vary depending on the type of information and sharing.

Affiliates. We may share information within our family of affiliated companies (Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) so that we may provide offers from those companies that may be relevant to you, better understand your preferences, and improve our Services.

Franchisees. We may share information with local owners of Burger King® and Tim Hortons® restaurants, particularly when they will work with us in delivering Services to you. For example, local restaurants will implement delivery and take-away services that you may request through the Services. We also may provide our franchisees with information so that a local restaurant may provide you with offers and promotions that might interest you.

Business Partners. We may also share your information with business partners to provide you with Services that you request. For example, if you sign up for a promotion that runs on our Services but that is sponsored or co-sponsored by another company, your information may be shared with that sponsor. We are not responsible for the privacy practices of these entities and recommend you review their privacy policies carefully.

Service Providers. We may share information with companies providing services on our behalf, such as delivery services, hosting vendors, advertising service providers, data analytics companies, marketing service companies, and list managers. We also may share your information, including your payment information, as appropriate to process your payments for the Services or complete a transaction. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other unrelated purposes.

Social Media Services. If you connect a social media account with the Services or engage with our services through a social media platform, we may share your information with that social media platform, and it may share information about you with us. We may use this information to personalize your experience on the Services and on the third-party social media platforms, or to provide you with offers or other products or Services you may request. The social media services’ use of the shared information will be governed by the social media services’ privacy policy and your social media account settings. If you do not want your information shared in this way, do not connect your social media service account with the Services.

Companies that Provide Content, Advertising, or Functionality. Some of the content, advertising, and functionality on our Services may be provided by third parties, such as our advertisers. These companies may collect or receive certain information about your use of the Services, including through the use of cookies, beacons, and similar technologies, and this information may be combined with information collected across different websites and online services in order to deliver ads that are more relevant to you, both on and off our Services.

Other Parties When Required or Permitted by Law, or As Necessary to Protect Our Users and Services. We and our service providers (including affiliates) may use and share your personal information as we believe is necessary or appropriate to protect, enforce, or defend the legal rights, privacy, safety, or property of the Services, our employees or agents or users, to detect, suppress or prevent fraud or where otherwise required or permitted by applicable law or legal process, including responding to a search warrant or other legally valid requests from public and government authorities (which may include lawful access by U.K. or other governmental authorities, courts or law enforcement agencies).

Other Parties in Connection With a Corporate Transaction. We reserve the right to transfer any information we have about you in the event that we sell or transfer all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition, or in connection with a bankruptcy reorganization.

Otherwise With Your Consent or at Your Direction. In addition to the sharing described in this Privacy Policy, we may share information about you with third parties whenever you consent to or direct such sharing.

Aggregated Data. We also may provide aggregated information, and data with personal identifiers removed, to third parties to describe how our customers are using the Services.

5. Online Advertising and Cookies

We and other companies that provide advertising and other services on our Services may use cookies, web beacons, and similar technologies to facilitate administration and navigation, to better understand and improve our Services, to determine and improve the advertising shown to you here or elsewhere, and to provide you with a customized online experience.

Interest-Based Advertisements. We may use third parties to serve advertisements on our Services and on other websites and digital platforms. These companies may use cookies, web beacons or other technologies to report certain information about your visits to our Services and other websites (such as web pages you visit and your response to ads) in order to measure the effectiveness of our marketing campaigns and to deliver ads that are more relevant to you, both on and off our Services.To learn more and to opt-out of having your information used by these companies for online behavioural advertising purposes, please see “Choices with Respect to Interest-Based Advertisements” below. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. We may do this by providing a hashed version of your email address or other information to the platform provider.

Cookies. “Cookies” are small files that are placed on your computer when you visit a website. Cookies may be used to store a unique identification number tied to your computer or device so that you can be recognized as the same user across one or more browsing sessions, and across one or more sites. Generally, Cookies do not contain any Personal Information that would identify you.

Cookies serve many useful purposes. For example:

Cookies can remember your sign-in credentials so you do not have to enter those credentials each time you visit a Service
Cookies can help us and third parties understand which parts of our Services are the most popular because they help us see which pages and features visitors access and how much time they spend on the pages. By studying this kind of information, we are better able to adapt our Services and provide you with a better experience.
Cookies help us and third parties understand which ads you have seen so that you don’t receive the same ad each time you access a Service.

How Long Are Cookies Stored For?

Persistent Cookies. These cookies remain on a user's device for the period specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session Cookies. These cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

Beacons. We, along with third parties, also may use technologies called beacons (or “pixels”) that communicate information from your device to a server. Beacons can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon, and the IP address of your device. We and third parties use beacons for a variety of purposes, including to analyse the use of our Services and (in conjunction with cookies) to provide content and ads that are more relevant to you both on and off the Service.

You can find more information about cookies at www.allaboutcookies.org and www.youronlinechoices.eu.

Cookies Used On Our Websites

A list of all the cookies used on the Timhortons.co.uk websites by category is set out below.

Strictly Necessary Cookies. These cookies enable services you have specifically asked for. These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website.

Performance Cookies. These cookies collect anonymous information on the pages visited. By using the website, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use the website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All the information these cookies collect is anonymous. The only purpose of these are to improve how the site works.

Functionality Cookies. These cookies remember choices you make to improve your experience. By using the website, you agree that we can place these types of cookies on your device.

These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect are anonymised and they cannot track your browsing activity on other websites.

Third Party Cookies. These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site. For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don't control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.

When someone visits the Tim Hortons UK website we may use a third-party service such as, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Removing Cookies. If you do decide you’d like to remove cookies from your device we know how to help. Below are links to the most common internet browsers around, if your browser is not listed here please refer to the help section in your own browser.

Safari on your iPhone, iPad, or iPod touch

Android's web browser

Internet Explorer

Firefox

Chrome

Local Storage & Other Tracking Technologies. We, along with third parties, may use other kinds of technologies, such as Local Shared Objects (also referred to as “Flash cookies”) and HTML5 local storage, in connection with our Services. These technologies are similar to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences. However, these technologies may make use of different parts of your device from standard cookies, and so you might not be able to control them using standard browser tools and settings. For HTML5 local storage, the method for disabling HTML5 will vary depending on your browser. For Flash cookies, information about disabling or deleting information contained in Flash cookies can be found here.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, the Services currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.

6. Privacy and Access Choices Available To You

Choices With Respect To Cookies and Similar Technologies. You may block cookies and similar technologies in your browser or device settings, see above, as and if permitted by such device.

Choices With Respect To Interest-Based Advertising. You may opt out of receiving targeted advertising from participating ad networks, audience segment providers, ad serving vendors, and other service providers by visiting websites operated by the Network Advertising Initiative, and Digital Advertising Alliance.

Data Access. Under the EU General Data Protection Regulation 2016/679 ("GDPR") you have the right to know what information we collect and hold on your, the right to update the information we hold and your right to erasure. To exercise any of these rights please contact thgdpr@timhortons.co.uk . We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records.

Email Promotions. You may opt out of receiving commercial email, text message, and other electronic messages from us by following the instructions contained in those messages.

7. Data Security

We have in place physical, electronic and managerial procedures to protect personal information in our custody and control against loss, theft and unauthorized access, use, modification and disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our Services, nor can we guarantee that the information you provide will not be intercepted while being transmitted to us over the Internet.

8. Other Important Information

Children’s Privacy. We do not knowingly collect any personal information from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with personal information, we will delete it in accordance with applicable law.

Links to Third-Party Sites. Our Services may link to third-party websites and services that we do not operate and are outside of our control. We are not responsible for the security or privacy of any information collected by other websites or other services. Please exercise caution and review the privacy statements applicable to the third-party websites and services you use.

Changes to Our Privacy Policy. This privacy notice can be changed by us at any time. If we change our privacy policy with regards to how we process data we are already holding on you we will notify you where we are holding your email address.

Questions. Please contact our Privacy Officer at thgdpr@timhortons.co.uk with any questions or concerns about this Privacy Notice or the manner in which we or our service providers treat your personal information