Cajun Operating Company and affiliates[1] (“Church’s”) Internet Consumer Privacy Policy for Consumers (the “Consumer Privacy Policy”)

Thank you for visiting us online at churchs.com. At Church’s we strive to do everything we can to respect the trust customers have in our brand and our commitment to your privacy is no exception. We are committed to protecting and safeguarding consumer privacy on the Internet, especially for children.

Thanks again for visiting our website and for placing your trust in Church’s.

Church’s is pleased to provide information to all of its customers about its online privacy policy. Please be assured that Church’s uses its best efforts to protect the privacy of visitors to this web site. This Consumer Privacy Policy does not pertain to Church’s franchisees or employees.

• 1. Types of Information We Collect

  We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:

  Category	Examples	Collected
  A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device, advertising identifiers (for example, IDFAs and IFAs) or similar identifiers.	YES
  B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, address, telephone number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.	YES
  C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
  D. Commercial information.	Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
  E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
  F. Internet or other similar network activity.	Browsing history, search history, computer or mobile-device operating system and browser type; type of mobile device and its settings; referring website (a site that has led you to ours) or application; online activity on other websites, applications or social media; information on a consumer’s interaction with a website, application, or advertisement; communications to us or regarding us on social media; and activity related to how you use our online services, such as access dates and times, the pages you visit on our sites or in our mobile apps.	YES
  G. Geolocation data.	Physical location or movements.	YES
  H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
  I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
  J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
  K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, predispositions, behavior and attitudes.	YES
  L. Other	Identifiers – Social Security number, driver’s license number and passport number.   Personal Information – signature, Social Security number, physical characteristics or description, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, medical information, or health insurance information. Commercial Information – Records of personal property. Inferences drawn from other personal information – psychological trends, intelligence, abilities, and aptitudes.	NO

  Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

• 2. How We Collect Your Information

  We may collect information about you from other companies and organizations. We may also collect information that is publicly available (i.e. social media).

  We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our agents. For example, from documents that our agents provide in order to provide us with services.
  • Indirectly from our you or our agents. For example, through information we collect from you or our agents in the course of providing services to you or our agents providing services to us.
  • Directly and indirectly from activity on Church’s websites listed below. For example, from submissions through our website portal or website usage details collected automatically.

  churchs.hn	churchstexascsi.com	TEXASCHICKEN.COM
  CHURCHS.US	churchstogo.com	TEXAS-CHICKEN.COM
  churchschicken.ca	churchsusa.com	texaschicken.com.mg
  CHURCHSCHICKEN.COM	freadynow.com	texaschicken.com.mu
  churchschicken.com.tt	MYLOCALCHURCHS.COM	texaschicken.info.ke
  churchschicken.gy	Teamchurchs.com	texaschicken.ke
  churchschicken.hn	tellchurchs.com	texaschicken.la
  CHURCHSCHICKEN.INFO	telltexaschicken.com	texaschicken.lc
  churchschicken.lc	texaschicken.ae	texaschicken.mg
  churchschicken.me	texaschicken.africa	texaschicken.mu
  Churchschicken.net	texaschicken.bh	texaschicken.ne.ke
  CHURCHSCHICKEN.ORG	texaschicken.cn	texaschicken.net.rw
  churchschicken.st	texaschicken.co.ke	texaschicken.or.ke
  churchschicken.tt	texaschicken.co.mu	texaschicken.org.mg
  CHURCHSCHICKEN.XXX	texaschicken.co.mz	texaschicken.org.rw
  CHURCHSCHICKENRESTAURANTS.COM	texaschicken.co.nz	texaschicken.pk
  churchsdealivery.com	texaschicken.co.rw	texaschicken.rw
  churchsdelivers.com	texaschicken.co.th	texaschicken.ug
  CHURCHSFRANCHISE.COM	texaschicken.co.tz	texaschicken.uk
  CHURCHSFRIEDCHICKEN.COM	texaschicken.co.ug	texaschickenarabia.com
  churchstexaschicken.com	texaschicken.co.uk

  • From third-parties that interact with us in connection with the services we perform. For example, from companies that help us to process orders or administrate our Loyalty Program.
  • Through automated means. We may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services, or in-restaurant technology to collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. Automated technology may include cookies, local shared objects, geofencing and web beacons. There is more information below about cookies and other technologies in Section 6.

• 3. How Will We Use Your Information

  We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided, such as carry out your requests, fulfill orders, and process payments for our products and services as well as communicate with you about your orders, purchases or accounts with us, requests, questions, and comments. For example, if you provide us with personal information in order for us to provide you with rewards through our Loyalty Program, we will use that information to determine the rewards for which you qualify and provide you those rewards through our mobile app or other methods as disclosed.
  • To provide online services to you, which includes our websites or mobile apps.
  • To provide customer support, including to process any concerns about our services.
  • To provide you with information, products or services that you request from us.
  • To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To market to you, improve our services, and the following additional legitimate business interests: (a) use analytics and profiling technology to personalize your experience, deliver content (including advertising) tailored to your interests and how you use our online services or in-store technologies, manage our business, help diagnose technical and service issues, administer our online services and in-store technologies, identify users of our online services, identify a device for fraud prevention purposes, gather demographic information about our customers, and determine usage patterns of our services; (b) maintain, manage, and improve our products, offers, promotions, and online services and other technology; (c) send you e-mails or text messages about our products and services, competitions, offers, promotions or special events that we believe may interest you; (d) to send you e-mails or text messages about the products and services of our business partners; (e) provide location-based services; (f) deploy cookies and similar technologies; and (f) provide online services to you, which includes our websites or mobile apps.
  • To carry out our obligations and enforce our rights arising from the Loyalty Program, Ordering Application, Contests, Sweepstakes, Games or any other contract between you and us.
  • As necessary or appropriate to protect the rights, property or safety of us, our customers or others and ensure the security of our networks and systems.
  • To respond to law enforcement requests and as required by applicable law, court order, legal request, governmental regulations, law enforcement investigation or an investigation on a matter of public safety.
  • As described to you when collecting your personal information or as otherwise set forth in the California Consumer Privacy Act (“CCPA”), the Privacy of Information Collected on the Internet from Consumers Act (Nev. Rev. Stat. Ann. § 603A.300-603A.360), Vermont’s privacy statute (VT. STAT. ANN. tit. 9, § 2446), the Act to Protect the Privacy of Online Customer Information (STAT. TIT. 35-A, § 9301), Delaware’s privacy statue (DEL. CODE Tit. 6 § 205C.), Oregon’s privacy statute (ORS § 646.607), and Utah’s statute regarding the sharing of personal information (Utah Code §§ 13-37-201 to -203 ).
  • If you are a minor child, as described to you when collecting your personal information or as otherwise set forth in Children’s Online Privacy Protection Act (“COPPA”, Children’s Online Privacy Protection Rule, 64 Fed. Reg. 59,888 (Nov. 3, 1999) (codified at 16 C.F.R. § 312 (2012), California’s Privacy Rights for California Minors in the Digital World Act ( Bus. & Prof. Code §§ 22580-22582) and Delaware Del. Code § 1204C.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
  • We may use the information we collect about you in other ways, which we will tell you about at the time we collect it or for which we will seek your consent. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

• 4. Who Will Have Access To Your Information or With Whom We Will Share Your Information

  We may disclose your personal information to our franchisees or other third parties for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. Of course, any use of this information by the Church’s Family will comply with this Policy. Occasionally, with your permission, we will send marketing information to you, such as discount coupons, information about new product offerings, etc.

  In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  Category A: Identifiers.
  Category B: California Customer Records personal information categories.

  We disclose your personal information for a business purpose (as explained in Section 3 above) to the following categories of third parties:

  • Our affiliates.
  • Our franchisees.
  • Service providers.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

  The business purpose for disclosing your information is summarized in Section 3 above.
  In the preceding twelve (12) months, we have not sold any personal information. Church’s does not sell, transfer or disclose personal information to third parties outside the Church’s Family. The Church’s Family includes Cajun Operating Company, our franchisees, and our affiliates.

• 5. Children’s Privacy Notice

  Church’s does not current collect any information from individuals under the age of 18, however, if Church’s collects information from children under the age of 13 in the future, Church’s is committed to protecting the privacy of children who visit our Web sites. Our Consumer Privacy Policy and this Children’s Privacy Notice are designed to answer your questions regarding our practices with respect to personal information we collect through our Web sites from children under the age of 13.

  What Personal Information Does Church’s Collect From a Child?

  We may offer some services intended for children, such as games, and in some cases we may know a child is using our services (for example, when using a child profile). In these situations, children may share and we may collect personal information that requires verifiable parental consent under the Children’s Online Privacy Protection Act (collectively, “Child Personal Information”). Child Personal Information could include, for example, name, birthdate, contact information (including phone numbers and e-mail addresses), voice, photos, videos, location, and certain activity and device information and identifiers (such as cookies, device serial numbers, and IP addresses). Our Consumer Privacy Policy describes other information we collect that is not Child Personal Information.

  How Does Church’s Use the Personal Information It Collects from a Child?

  We use Child Personal Information to provide and improve our products and services, including personalizing offerings and recommendations for children, communicating information, enforcing parental controls, and giving parents visibility into how their children use our products and services.
  
  We use email addresses submitted by a child in order to respond to the child’s request or to notify the child if he or she has won or lost a contest or sweepstakes they entered. We use the email address of a parent or guardian, in order to provide the parent notice of our information practices or to seek the parent’s or guardian’s consent. If a child provides his or her first name and a friend’s first name and/or email address to request we send a card, photo or game to the friend, then we use that information solely to send the card, photo or link to a game to the friend’s email address

  Does Church’s Share a Child’s Personal Information?

  We may share a child’s personal information with third parties to the extent reasonably necessary to protect the security or integrity of our sites, take precautions against liability, or respond to judicial process or requests from other governmental authorities; or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. We also may share personal information collected from children with vendors that perform services for Church’s. These services may include hosting our Web site, providing technical services to Church’s, fulfilling requests or administering sweepstakes. Such vendors are obligated to protect the confidentiality of the personal information we share with them.

  Requests from Parents Regarding Our Children’s Privacy Practices

  You choose whether to give us permission to collect Child Personal Information from your child. If you have not given us permission to collect Child Personal Information, we may make available certain voice services intended for children (e.g., certain Alexa features), and we may process your child’s voice recordings to provide these services, but we will not store those voice recordings. We do not knowingly collect, use, or disclose Child Personal Information without this permission.

  We make available controls so that you can remain involved in your child’s use of Church’s products and services. To learn more about revoking permission for a child or how to review or delete Child Personal Information, please visit the Manage Parental Consent page or contact privacy@churchs.com using the information provided below.

  Please note that if you withdraw the permission you have provided for your child or request deletion of Child Personal Information, certain services and features may no longer be available.

  Parents may review personal information we have collected from their child that has not been deleted, and can request that the personal information be deleted from our records if it has not been already. Parents also may refuse to permit further collection or use of their child’s personal information, when the parent has previously provided consent. To do so, please contact us at the address, telephone number or email address provided below with your request.

  Who Should I Contact with Questions?

  We urge parents to regularly monitor and supervise their children’s on-line activities. If you have any questions about our Children’s Privacy Notice, please contact us at privacy@churchs.com or via mail:
  Attn: Chief Legal Officer
  Cajun Operating Company d/b/a Church’s Chicken_™
  980 Hammond Drive, Suite 1100
  Atlanta, GA 30328

  You can opt out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website . If you choose to opt out, you will continue to receive advertisements but they will not be tailored to your interests.

  Other than information required to sell our products or services, Church’s does not knowingly collect personal identifiable information from children under the age of 13. If a child under 13 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us by emailing us at privacy@churchs.com. We will remove the information and unsubscribe the child from any of our electronic marketing lists. When required by applicable law, we may ask children to consent from their parents or guardians before we will provide a product or service to them.

  Links to Other Sites

  We may offer links to sites that are not operated by Church’s. If you visit one of these linked sites, you should review their privacy and other policies. We are not responsible for the policies and practices of other companies, and any information you submit to those companies is subject to their privacy policies.

  Other Church’s Web Sites

  All web sites operated by Church’s will adhere to this Policy. The policies of some Church’s sites may vary, however, because of local customs, practices or laws or due to circumstances unique to that site. In all cases, however, sites operated by Church’s will honor the commitments to our customers set forth in this Policy regarding the collection and use of personal information.

  Church’s Franchisee Web Sites

  Many Church’s restaurants are owned and operated by franchisees who are independent businessmen and women. Some franchisees also operate web sites. In many cases, franchisee sites follow this Policy. However, please review the privacy policy of each site to determine the privacy policies of that site.

• 6. Additional Notice for California Consumers

  This part of our Privacy Statement applies to consumers who reside in the State of California.
  The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

  Access to Specific Information and Data Portability Rights

  You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • sales, identifying the personal information categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

  Deletion Request Rights

  You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

  We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

  Exercising Access, Data Portability, and Deletion Rights

  To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
  Emailing us at privacy@churchs.com
  Visiting churchs.com/privacy-request
  Calling us at (770) 350-3800

  Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

  You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

  We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

  Response Timing and Format

  We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

  We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

  Non-Discrimination

  We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

• 7. Opt-Out Rights

  In some states you may have the right to opt-out of our collection, use and/or sharing of the data we collect from you as explained in 1 above (“Opt-Out Rights”). If you wish to exercise your Opt-Out rights, or otherwise wish to opt-out:

  If you have agreed to receive marketing communications from us, you can later opt out by following the opt-out instructions in the marketing communications we send you.

  You can also generally find your communication preferences with instructions on how to opt out in the profile section of the online services that you use.

  You may also have the ability to change your communication preferences using your device settings.
  and also visit the opt-out tools provided by the Network Advertising Alliance and the Digital Advertising Alliance.

  If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered. Opting out of one form of communication does not mean you have opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have opted in to receiving them. Please note that if you are receiving communications from a Church’s Chicken_™ franchise, then you will need to opt out from them directly.

• 8. Agent Authorization

  You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as set forth below in “How to Contact Church’s Chicken_™ USA” to make a request on your behalf. Even if you choose to use an agent, as permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity.

• 9. Disability Access

  If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Privacy Statement – please contact us at accessibility@churchs.com.  You can also review our Digital Accessibility Statement.

• 10. How to Contact Church’s Chicken_™ USA

  Church’s Chicken_™
  Attn: Digital Marketing and Chief Legal Officer
  980 Hammond Drive
  Suite 1100
  Atlanta, GA 30328

  If you would like to speak to a customer care representative, please call 1-866-345-6788

• 11. Additional Information for Church’s Employees

  Confidential information of Church’s (including, but not limited to, business strategies, pending contracts, unannounced products, exploration or research results, or financial projections) may not be given or released, without proper authority, to anyone not employed by Church’s, or to an employee who has no need for such information. Nonpublic information obtained as a consequence of employment with Church’s (including information about customers, suppliers, or competitors, acquisitions or divestitures) may not be used for the personal profit of the employee or of anyone as a result of association with the employee. Use for Nonpublic information includes taking advantage of such information by trading or providing information for others to trade in securities of Church’s or any other company. All disciplinary records, medical/benefit information and employee’s personal data and family data are considered confidential and shall be given the same consideration and protections as confidential Church’s information.

• 12. Changes to our Consumer Privacy Policy

  This Policy is effective as of August 14, 2020. From time to time, it may be necessary for Church’s to change this Policy. If we change our policy, we will post the revised version here, so we suggest that you check here periodically for the most up-to-date version of our Policy. Rest assured, however, that any changes will not be retroactively applied and will not alter how we handle previously

  Cajun Operating Company’s affiliates include Church’s Holding Corp., Cajun Global LLC, Cajun Restaurants LLC, Cajun Realty LLC, Cajun Funding Corp., Church’s Texas Holdings LLC, Cajun Holdings of Texas LLC and CT Restaurants LP.