Privacy Statement

Last updated: August 18, 2021

I. Introduction

This Privacy Statement describes how McDonald’s in the countries listed below – collect, use, protect and share the personal information of our customers. Customers include those who visit our restaurants, use our websites and mobile apps, and otherwise interact with us.

Some of the countries in which we operate have laws that require us to share specific privacy information with our customers in those countries. As such, this Privacy Statement is comprised of two sections – a globally applicable statement and country-specific addendum.

II. Your privacy globally

The data controller of your personal information is the McDonald’s entity in the jurisdiction where your personal information is collected (“we” or “us”). Please refer to the applicable country specific addendum for more information.

Many of our restaurants are owned and operated by franchisees, who are independent businessmen and women. This Privacy Statement does not apply to our franchisees or to websites or mobile apps that they operate. Please reference our franchisees’ privacy notices for information on how they collect and use customer information.

  1. Information we collect
  2. How we use the information we collect
  3. How we share the information we collect
  4. Children's privacy notice
  5. Your choices and rights
  6. Use of our online services and other technology
  7. Links to other websites and social media
  8. Information security
  9. Retention
  10. International data transfers
  11. Changes to our privacy statement
  12. How to contact us

1. Information we collect

We may collect personal information about you when you visit our restaurants, use our websites or mobile apps (“online services”), and otherwise interact with us (collectively, “services”). The information we collect falls into three categories: (a) information you provide to us; (b) information we collect through automated methods when you use our services; and (c) information we collect from other sources (see below).

Generally, you are under no obligation to provide your personal information. However, in certain cases, we may be unable to provide you with our services unless you provide your personal information.

We may combine the information you provide to us with information that is collected through automated methods, and with information we receive from other sources. For example, when you add a method of payment to your profile in our mobile app, we may combine your profile with information we receive from our payment processors or other providers regarding transactions made with the same payment credentials in our restaurants.

We collect information you provide to us

You may provide the following information to us, depending on how you interact with us:

  • personal details, such as your name, postal and email addresses, phone number, birthday information and other contact information, when you register with our online services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services;
  • demographic information such as age or gender;
  • transaction information, including information about the products you buy, prices, method of payment and payment details;
  • account information, such as your username or password (or anything else that identifies you) used to access our online services or to buy or use our products and services;
  • profile information, including products and services you like, or times you prefer to visit us; and other personal information you choose to provide us when you interact with us (including through social media).

 

We collect information through automated methods

We may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services, or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies in Section 6.
We may collect information about your:

  • internet protocol (IP) address;
  • computer or mobile-device operating system and browser type;
  • type of mobile device and its settings;
  • unique device identifier (UDID) or mobile equipment identifier (MEID) of your mobile device;
  • device and component serial numbers;
  • advertising identifiers (for example, an Identifier for Advertising (IDFA) on Apple devices) or similar identifiers;
  • referring webpage (a page that has led you to ours) or application;
  • online activity on other websites, applications or social media;
  • visits to our restaurants, where recorded using digital technology (e.g. video recordings); and
  • activity related to how you use our online services or in-restaurant technology, such as the pages you visit on our websites or in our mobile apps.

 

Our online services and in-restaurant technology may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings. If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider. Some online services and in-restaurant technology may not work properly without information about your location.

We collect information from other sources

We may collect information about you from our business partners and vendors (e.g., food delivery platforms, data providers, or payment processors) or from public sources (e.g., your public social media posts).

Back to Top

2. How we use the information we collect

We use the information we collect for the following purposes:

  • to provide our products and services and contract with you, including payment processing and customer support;
  • to manage our relationship with you, including feedback management and customer surveys;
  • to personalize and improve our products and services and your overall customer experience, in particular by improving our existing technologies and developing new products and services and employing profiling technology (unless we notify you separately thereof, this will not include automated individual decisions that have legal effects for you or similarly significantly affect you);
  • to provide you with general and personalized electronic and non-electronic direct marketing information and support our targeted advertising initiatives concerning our products and services as well as our business partners’ products and services (including promotions, contests, prize draws, competitions and sweepstakes);
  • business analytics, including consumer and operations research, to assess the effectiveness of our sales, online service, marketing, and advertising, and to analyze market trends and (future) customer demand;
  • to ensure the security of our online services and in-restaurant technology, including the detection, prevention, and investigation of attacks;
  • to protect against, identify and prevent fraud and other crime, claims and other liabilities;
  • to protect the rights, safety, health, and security of our customers, our employees, our franchisees, and the general public, and to protect our property;
  • to anonymize your information for further internal and external use in a manner that does not identify you;
  • to comply with legal obligations and our Standards of Business Conduct; and
  • to establish, exercise or defend a legal claim.

 

We may use the information we collect about you in other ways, which we will tell you about at the time we collect it or before we begin using it for those other purposes.

If we are established in the EU or the European Economic Area (“EEA”) or are otherwise subject to the General Data Protection Regulation (“GDPR”), we process your personal information on the basis of

  • the necessity to perform a contract we have concluded with you or the necessity to take steps at your request prior to entering into such a contract (Article 6(1)(b) GDPR);
  • our prevailing legitimate interest to personalize and improve your overall customer experience and achieve the purposes set out above (Article 6(1)(f) GDPR);
  • the necessity to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR); or in some cases,
  • your consent for which we may ask you in a separate process (Article 6(1)(a) GDPR).

 

Back to Top

3. How we share the information we collect

We do not sell your personal information and only share your information as described in this Privacy Statement or as otherwise communicated to you at the time we collect your information.

Please note that some US state statutes may define a “sale” to include sharing of personal information with third parties for valuable consideration. Many companies have common arrangements with online advertising networks and analytics companies that may potentially be considered sales under these definitions.

We may share your personal information with

  • members of the McDonald's Family: The McDonald's Family consists of McDonald’s Corporation and McDonald’s Global Markets LLC, and their affiliates and subsidiaries (“McDonald’s Entities”), and franchisees of McDonald’s Entities;
  • vendors who help us operate our business (including information technology service providers and marketing agencies that we use as well as those who use the information to detect or prevent fraud for us, and who may use the information to provide fraud detection and prevention services to others);
  • public authorities and courts;
  • buyers or other parties involved in a corporate transaction if we decide to sell or transfer all or part of our business;
  • our professional advisers such as our legal representatives, auditors and insurance brokers; and
  • business partners if they are involved in your customer experience, including product or service delivery (e.g., food delivery platforms).

 

Back to Top

4. Children's privacy notice

We understand how important it is to protect your privacy when you use our online services. We are especially committed to protecting the privacy of children who visit or use our online services. For more information on how a specific country protects children’s privacy, please see the country specific addendum.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

Back to Top

5. Your choices and rights

Marketing Communications

If you are subscribed to our marketing communications, you can later opt out by following the opt-out instructions in the marketing communications we send you. You can also generally find your communication preferences with instructions on how to opt out in the profile section of the online services that you use. You may also have the ability to change your communication preferences using your device settings. You can also opt out by contacting us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered. Opting out of one form of communication does not mean you have opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have opted in to receiving them. Please note that if you are receiving communications from a McDonald’s franchisee, then you will need to opt out from them directly.

We do not share personal information with third parties for their own direct marketing purposes, unless you give us permission to do so. When we give you notice, and you consent, we will share your personal information as you direct us to.

Your personal information rights

Under applicable law, you may have the rights (under the conditions and to the extent set out in applicable law):

  • to check whether and what kind of personal information we hold about you and to access or to request copies of such data;
  • to request correction, supplementation, anonymization, blocking or deletion of information about you that is inaccurate, incomplete, outdated, unnecessary, excessive or processed in non-compliance with applicable requirements;
  • to request the restriction of the collection, processing or use of information about you;
  • in certain circumstances, to object for legitimate reasons to the processing of your information or to revoke consent previously granted for the processing while the latter does not affect the lawfulness of processing before the revocation;
  • to request data portability; and
  • to lodge a complaint with the competent authority.

For more information regarding these rights, and the countries where these rights are available, please see the country specific addendum.

 

Back to Top

6. Use of our online services and other technology

We and our vendors may use cookies, web beacons and other similar technologies on our online services and in other areas related to our business, such as online advertising, to collect information and provide you with the services or products that you have requested.

Cookies and other technologies

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user.

A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.

Please note the following:

  • You might be assigned a cookie when using our online services.
  • We offer certain features that are available only through the use of cookies and other similar technologies.
  • We may use both session (for the duration of your visit) and persistent (for the duration of a fixed period of time) cookies and other tracking technologies.
  • Our online services and other areas related to our business may have web beacons.

 

Both we and selected third parties (such as our advertising networks) may use these technologies to collect information about your online activities, over time and across third-party websites and devices, and when using our online services to further personalize your experience with us.

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. Click on the “Help” section of your browser to learn how to change your cookie preferences. If you disable all cookies, you may not be able to take advantage of all the features available on a website.

Some newer web browsers may have a "Do Not Track" preference that transmits a "Do Not Track" header to the websites you visit with information indicating that you do not want your activity to be tracked. McDonald’s does not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

More information regarding how cookies and related technologies are used in a country in which you are a customer may be available in the country-specific addendum or a cookie preferences section of the online service.

Targeted advertising

When you use our online services, we (and our vendors) may collect information about your activities so that we can provide you with advertising tailored to your interests.

Because we utilize advertising (“ad”) networks, you may see certain ads on other websites. Ad networks allow us to target the information we send you based on your interests, other information related to you, and contextual means. These ad networks track your online activities over time by collecting information through use of cookies, web beacons, and other technologies. The ad networks use this information to show you advertisements that may be of particular interest to you. The ad networks we utilize may collect information about your visits to websites that also take part in the relevant ad network, such as the pages or advertisements you view and how you use the websites. We use this information, both on our online services and on third-party websites that take part in the ad networks, to provide you with advertising tailored to you, and to help us assess how effective our marketing is.

You can opt out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website. If you choose to opt out, you will continue to receive advertisements, but they will not be tailored to your interests. Please refer to the country-specific addendum or a cookie preferences section of the online service for further information on your choices concerning target advertising. Moreover, depending on the type and version of the operating system of your mobile device, you may also be asked whether to enable targeted advertising.

Back to Top

7. Links to other websites and social media

Our online services may offer links to websites that are not run by us but by third parties. If you visit one of these linked websites, you should read the website’s privacy policy, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties. Any information you give to those organizations is dealt with under their privacy policy, terms and conditions, and other policies.

We may also have providers of other apps, tools, widgets and plug-ins (“Plug-Ins”) on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own privacy policies. Please see the country-specific addendum for further information on your choices concerning such Plug-Ins.

Back to Top

8. Information security

We are committed to taking appropriate measures designed to keep your personal information secure. Our technical, organizational and physical measures are designed to protect personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.

Back to Top

9. Retention

We keep your information for the length of time needed to carry out the purposes outlined in this Privacy Statement and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Statement.

Back to Top

10. International data transfers

The McDonald’s Family is global in nature with business processes, management structures and technical systems that cross borders. As such, we may share information about you within the McDonald’s Family and transfer it to countries in the world where our vendors or members of the McDonald’s Family are established. Any international data transfers will be in accordance with this Privacy Statement and in compliance with applicable laws.

If we are established in Switzerland or in the EU/EEA or are otherwise subject to the GDPR or similar laws, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request.

McDonald’s Corporation and McDonald’s Global Markets LLC’s participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

On 16 July 2020, the European Court of Justice ruled that the Commission Implementing Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield is invalid.

Notwithstanding the above, McDonald’s Corporation and McDonald’s Global Markets LLC, a wholly-owned subsidiary, participate in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) administered by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. For purposes of this Privacy Shield section only, McDonald’s Corporation and McDonald’s Global Markets LLC are each individually and collectively referred as “McDonald’s Global”. McDonald’s Global’s participation in the Privacy Shield subjects it to the investigatory and enforcement power of the Federal Trade Commission. You can view a complete list of all Privacy Shield participants, including McDonald’s Global, at the Privacy Shield participants’ page.

As a Privacy Shield participant, McDonald’s Global is committed to and has certified that it adheres to the Privacy Shield Principles for all personal information received from the European Union and Switzerland in reliance on the Privacy Shield. Please note the following:

  • McDonald’s Global may share personal information that is subject to the Privacy Shield Principles with vendors who provide services to it, as described above in Section 3. McDonald’s Global may be liable under the Privacy Shield if these vendors process such personal information in a manner inconsistent with the Privacy Shield and McDonald’s Global is responsible for the event giving rise to the damage.
  • McDonald’s Global may disclose personal information received in reliance on the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • You have the right to request access to personal information received by McDonald’s Global in reliance on the Privacy Shield, and to exercise choice in limiting McDonald’s Global use and disclosure of such information. If you are interested in exercising your right and choice, please contact McDonald’s Global at the address, phone number or email address below.

 

McDonald’s Global’ s privacy practices are provided in this Privacy Statement. McDonald’s Global encourages you to contact it at any time with questions, concerns or complaints about its privacy practices and participation in the Privacy Shield; simply use the address, phone number or email address provided below. You may also refer a complaint to your local data protection authority and McDonald’s Global will work with them to resolve your concern.

If McDonald’s Global is unable to resolve your concern regarding your personal information received by McDonald’s Global under the Privacy Shield, you have the right to direct your unresolved concern to JAMS, an independent dispute resolution service based in the United States, to provide recourse at no charge to you. To seek recourse for an unresolved concern, visit JAMS' Privacy Shield Dispute Resolution page. If JAMS is unable to resolve your concern, you may have the right to invoke binding arbitration under certain conditions. To learn more about this option, visit the Privacy Shield "How to Submit a Complaint" page.

Please note that the foregoing processes apply only to the resolution of disputes regarding personal information received by McDonald’s Global under the Privacy Shield. All other disputes that you may have with McDonald’s Global or any other members of the McDonald’s Family, or any agents, representatives, agencies, officers, directors, or employees, must be resolved in accordance with the terms and conditions of any applicable websites, mobile apps, email newsletters, email subscriptions or other digital properties owned or controlled by a member of the McDonald’s Family.

For more information about the Privacy Shield program, and to view McDonald’s Global’ s certification, please visit the Privacy Shield website.

Back to Top

11. Changes to our privacy statement

This Privacy Statement is in effect as of the date noted at the top of the statement. We may change this Privacy Statement from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement and/or contact you directly where we deem appropriate to do so under applicable law. You should check here regularly for the most up-to-date version of the statement.

Back to Top

12. How to contact us

In line with our Standards of Business Conduct, we hold ourselves to ethical standards when it comes to data privacy and protection and we welcome any feedback or questions you may have concerning the collection and processing of your personal data.

Our contact details and those of our Local Data Protection Office as well as the contact details of our data protection officer, if appointed, can be found in the country-specific addendum. To exercise your rights under the GDPR, please read the country-specific addendum.

The McDonald’s Global Data Protection Office can be reached at

Attention: Global Data Protection Office
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

McDonald’s Corporation has appointed a data protection officer who can be reached at:

Attention: Data Protection Officer
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

 

 

III. Country-specific addendum for Belgium

 

 

Last updated: 19 October 2021

i. McDonald’s Belgium NV as the Data controller within the Belgian market

The following entity is responsible for the processing of your personal data within the Belgian market and therefore acts as data controller:

McDonald's Belgium NV
Airport Plaza, Stockholm Building
5th Floor Leonardo Da Vincilaan 19
1831 Diegem
Belgium

McDonald’s Belgium NV is registered in the Crossroads Bank of Enterprises under number 0420.365.237.

ii. Applicable legislation and scope

As a Belgian legal entity, we are subject to the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and any Belgian implementing legislation and any replacement legislation governing the processing of personal data. All terms and words related to the processing of personal data have the meaning as mentioned in the GDPR.

iii. Personal data of children

We attach a lot of importance to the privacy of children. You can only rely on some of our services (for instance, mobile applications) when you have reached the age of thirteen (13).

Children who want to use our services need to be supervised by their parent(s) or legal guardian(s). Parent(s) or legal guardian(s) are encouraged to take an active part in the child’s (online) activities.

We will take appropriate measures to reasonably ensure that any child, who has not yet reached the required age limit of thirteen (13) years, is unable to use our services unless we have obtained the required consent of the parent(s) or legal guardian(s). Children may also be asked to confirm they have obtained that permission, and we reserve the right to verify parental or guardian consent, where required.

iv. Your rights regarding your personal data

You have the following rights under GDPR:

  • Where processing your personal information is based on your consent, you may withdraw this consent at any time; the withdrawal of the consent shall not affect the lawfulness of processing based on consent before its withdrawal;
  • Request access to your personal information and obtain a copy of it;
  • Obtain your personal information in a structured, commonly used and machine-readable format and request us to transmit it directly to another company in cases you provided us with your personal information and it is processed based on your prior consent, or required for the performance of a contract;
  • Have your personal information corrected when it is inaccurate or incomplete;
  • Object on grounds relating to your particular situation to our processing of your personal information based on our legitimate business interest, including profiling, and to the sending of marketing communications;
  • Have your personal information erased, including any links to, copy or replication of such information, as permitted under applicable law; for instance, when your information is outdated, not necessary or unlawful or when you withdraw your consent to our processing based on such consent, or when you successfully object to our processing;
  • Obtain the restriction of the processing while we are processing your request or challenge pertaining to the accuracy of your personal information or the lawfulness of the processing of your personal information and our legitimate interests to process this information, or if you need the personal information for litigation purposes.
  • Possibility to lodge a complaint. If you are not satisfied with the processing of your personal data by McDonald’s Belgium, you have the right to lodge a complaint with the competent Data Protection Authority (for Belgium: contact@apd-gba.be and more information on https://www.dataprotectionauthority.be/).

 

You may exercise these rights free of charge unless the request is unfounded or excessive, for instance because it is repetitive.

For the exercise of your rights, please contact us using the contact information provided below.

In some situations, we may refuse to act or may impose limitations on your rights, as permitted by applicable law.

Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request.

v. Cookies and other technologies

A copy of McDonald’s Belgium’s cookies policy can be found here.

vi. How to contact McDonald’s Belgium

If you have data protection questions specific to McDonald’s Belgium, you can reach us at:

By post:
McDonald's Belgium NV
To the attention of: the Privacy Team

Airport Plaza, Stockholm Building
5th Floor Leonardo Da Vincilaan 19
1831 Diegem
Belgium

By e-mail:
data_privacy@be.mcd.com

Download our McDonald’s® app

Download our McDonald’s® app

Collect MyM Points which you can swap for free MyM Rewards. Also, you'll regularly score exclusive MyM Deals and awesome extras, which we only offer to our app users!

Download on the App Store Get it on Google Play