Last Updated: May 2018
What Kind of Information We Collect
How We Use the Personal Information We Collect
How We May Disclose the Personal Information We Collect
How We May Use and Disclose Other Information We Collect
How to Manage Your Account Information
How We Protect Your Personal Information
Our Policy on Cookies, Interest-Based Advertising and "Do Not Track"
Social Networking and Third Party Sites
Children’s Online Privacy
Updates to this Policy
1. What Kind of Information We Collect
Information You Provide
Whether accessing the DD/BR Online Services from your home computer, mobile phone, or other device, Dunkin’ Brands and its agents may collect information you directly provide. For example, we collect information when you register an account, join the DDPerks Program, enroll in our mailing lists or text message campaigns, locate a restaurant, apply for a job, interact with Customer Care, or otherwise communicate or transact with us through the DD/BR Online Services. We also collect information when you access the DD/BR Online Services using voice functionality services available through the microphone on a third party device.
The information we collect may include Personal Information. “Personal Information” is information that identifies you personally (whether alone or in combination). Some examples of data we collect include the following:
- Name and Contact Data: We collect your first and last name; mailing address; telephone number; e-mail address, and other similar contact data. If you are a franchisee, we collect your contact information and that of your employees;
- Credentials: We collect username and password , and similar security information (for account authentication and administration);
- Demographic Data: We collect information about your interests and activities, your gender, month and day of birth, and other demographic information;
- Payment Data: We collect data necessary to process your payments if you make purchases through the DD/BR Online Services, such as your financial account information and other payment information, or other forms of payment including Stored Value Cards (which may include Personal Information);
- Contacts: In some cases, we may collect information that you provide about others, including Personal Information, such as when you send your contacts benefits, coupons, or gifts. We will use the information you provide to fulfill your requests, including (if applicable) sending them a text message, and we will not send marketing communications to your contacts unless they have a separate relationship with us. Such functionality is intended only for United States residents. By using this functionality, you acknowledge and agree that both you and your contacts are based in the U.S. and that you have your contacts’ consent for us to use their contact information to fulfill your request;
- Content: We collect the content of messages you send to us, such as feedback and information you provide to customer service. We also collect the content of your communications as necessary to provide you with the DD/BR Online Services you use;
- Contests/Promotions: We may collect additional Personal Information necessary for the administration of certain promotional events or features of our Loyalty Program; and
- Resume Data. We collect data as necessary to consider you for a job opening if you submit an application to us, such as your employment history, transcript, writing samples, and references.
If you are accessing the DD/BR Online Services as a current or potential franchisee, we may ask you to provide additional Personal Information, including your full date of birth, contact information, financial information, and employment history.
You may choose to voluntarily submit other information to us through the DD/BR Online Services that we do not request, and, in such instances, you are solely responsible for such information. Please note that if you access the DD/BR Online Services using voice functionality services available through the microphone on a third party device, it may collect background noise or communications that you do not voluntarily provide. Therefore, you should take steps to prevent the communication of unnecessary information when accessing the DD/BR Online Services using voice functionality services.
Information Collected Automatically
In addition, we automatically collect information about your device and how your device interacts with the DD/BR Online Services. We may use Service Providers to collect this information. Some examples of information we collect include the following:
o Service Use Data: We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
o Device Connectivity and Configuring Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising ID (e.g., IDFA or AAID), and other device identifiers.
o Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).
We use various current – and later – developed technologies to collect this information (“Tracking Technologies”), to collect information about your interactions with the DD/BR Online Services, including information about your browsing and activity behavior:
o Log Files.
A log file is a file that records events that occur in connection with your use of the DD/BR Online Services, such as your service use data.
- Pixel Tags (“Web Beacons” or “clear gifs”)
Pixel Tags are small graphic images, also known as “web beacons” or “clear gifs,” embedded in web pages and e-mail messages. Pixel Tags may be used to count the number of visitors to the DD/BR Online Services, to monitor how users navigate the DD/BR Online Services, and to count content views.
- Embedded Scripts
An embedded script is programming code designed to collect information about your interactions with the DD/BR Online Services. It is temporarily downloaded onto your device from our web server or a third party with whom we work, is active only while you are connected to the DD/BR Online Services, and deleted or deactivated thereafter.
- Location-identifying Technologies
GPS (global positioning systems) software, geo-filtering, Bluetooth, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting relevant content based on your location. For example, if you have Bluetooth enabled on your device, we may use beacons to determine if you are near a Dunkin Brands physical location (or another retailer), and to send you advertising or promotions via push notifications. We may also associate your location captured via Bluetooth with your device identifier, and combine that data with transactional information to improve the services offered to you.
- Voice Processing Technologies
- Device Fingerprinting.
- In-App Tracking Methods
There are a variety of tracking technologies that may be included in mobile apps, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as mobile Ad IDs to associate app user activity to a particular app and to track user activity across apps.
- Connected Devices
We may use technology in connected devices, including your vehicle, home assistant, or smartwatch, to determine your location, serve advertising, or provide promotional offers. Information we collect through your connected devices will depend on the device and your settings, but may include voice, location, payment information, or biometric data. We may also associate the information from connected devices to your device identifier and combine that with transactional information to improve the services offered to you. For more information please refer to the sections on “Location-identifying Technologies” and “Voice Processing Technologies” above.
Some information about your use of the DD/BR Online Services and certain Third Party Services (defined below) may be collected using Tracking Technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the DD/BR Online Services and certain Third Party Services.
For further information on Tracking Technologies and your rights and choices regarding them, please see “Third Party Services” and “Your Rights and Choices” below.
Information from Franchisees and Other Third Party Sources
• Data brokers from which we purchase demographic data to supplement the data we collect.
• Social networks when you reference our Service or grant permission to Company to access your data on one or more of these services.
• Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
• Publicly-available sources such as open government databases or other data in the public domain.
For further information on Third Party Services, see the “Third Parties” section below.
2. How We Use the Information We Collect
We use information about you for our legitimate interests, including to:
- process and manage the DD/BR Online Services, including your use of our products and services;
- perform services requested by you, such as to respond to your inquiries or requests;
- communicate with you in connection with our and third party products, services, offers, promotions, rewards, and marketing efforts, such as when we send you offers and promotions that you can take advantage of through the DD/BR Online Services or at your local Dunkin’ Donuts or Baskin-Robbins shop (for information about how to manage these communications and marketing efforts, please see “Your Rights and Choices” below);
- maintain, market, and improve our Loyalty Program;
- further our business purposes, such as to perform data analysis, audits, fraud monitoring and prevention, to enhance, improve or modify the DD/BR Online Services, to identify usage trends, determine the effectiveness of our promotional campaigns and to operate, improve and expand our business activities; and
- if you are accessing the DD/BR Online Services as a current or potential franchisee, we may use the information that you provide to assist in the assessment of your application for a Dunkin’ Brands franchise as well as improve and conduct our franchise marketing efforts. We use the contact information you provide to communicate with you and your employees about important information relevant to franchisees.
We also use information about you with your consent, including to:
- create and deliver personalized content, features, and promotions, including based on the amounts and types of purchases you make and benefits you receive;
- communicate with you about Dunkin’ Brands, including about your orders or purchases, your services, accounts, reminders about events, contests you entered into, your requests for information, and to update you about changes to the DD/BR Online Services;
- allow you to send communications or benefits (for example gifting through the Dunkin’ Donuts mobile application) to friends or family through the DD/BR Online Services if you and your friends/family are located in the US; and
- fulfill any other purpose disclosed at the time you provide information and your consent.
We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see the section entitled “Your Rights and Choices” below.
3. How We May Disclose Information We Collect
We may disclose your information to third party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, marketing, e-mail delivery, auditing and other similar services.
Business Partners and Other Third Parties
We may disclose your information to our business partners and other third parties for their own business purposes, including direct marketing purposes (California residents and data subjects in Europe have certain rights set forth in “Your California Privacy Rights” and “Your European Privacy Rights” below).
Sharing at Your Request
We may disclose your information to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on our message boards and forums. When you post information in a public forum it becomes public information, and you are solely responsible for that information. In addition, we may disclose your information in order to identify you to anyone to whom you send communications through the DD/BR Online Services, including through our gifting program.
Corporate Transactions or Events
We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock, including in connection with any bankruptcy or similar proceedings.
Other Legal Reasons
In addition, we may use or disclose your information as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our Affiliates; (6) to protect the rights, privacy, safety or property of Dunkin’ Brands, our Affiliates, you and others; and (7) to enforce our terms and conditions.
We may share your information for any other purpose disclosed to you and with your consent.
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with franchisees, third parties, or Affiliates for any purpose, except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the “Your Rights and Choices” section below.
4. Sweepstakes, Contests, Promotions.
We may offer sweepstakes, contests, surveys, and other promotions (each, a “Promotion”) jointly sponsored or offered by third parties that may require submitting Personal Information. If you voluntarily choose to enter a Promotion, your Personal Information may be disclosed to third parties for administrative purposes and as required by law (e.g., on a winners list). By entering, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
5. Third Party Services, Devices and Links
Social Networking and Other Third Party Features
Analytics and Online Advertising
We may use Google Analytics and other third parties for analytics services. These third parties may use Tracking Technologies to track the actions of users of the DD/BR Online Services, to measure statistics of user activity on the DD/BR Online Services, and provide other services relating to DD/BR Online Services activity and internet usage. We may also engage and work with third parties to serve advertisements on the DD/BR Online Services and/or on Third Party Services. These third parties may use Tracking Technologies to track marketing efforts and to deliver “interest-based advertisements” that may be more relevant to individual consumers. For example, if your information indicates that you live in an area where a particular in-store promotion is going on (such as a new snack offering), you may receive an advertisement on the DD/BR Online Services and/or on a Third Party Service that is specific to that promotion. As above, the information collected and stored by any such Third Party Services remains subject to their own policies and practices.
For further information on Tracking Technologies and your rights and choices regarding them, please see “Information Collected Automatically” above and “Your Rights and Choices” below.
6. Your Rights and Choices
Review and Update of Account Information
You can visit the account section of the DD/BR Online Services to access or update certain account information we have on file about you and that you have submitted through the DD/BR Online Services. Alternatively, you may call us at 1-800-859-5339 to request that it be updated or removed. We may require additional information from you to allow us to confirm your identity. Please note that if you ask us to remove information, we will remove it from consumer-facing parts of the DD/BR Online Services, but may continue to store and use the information for internal analytics purposes.
We may retain your information for as long as your account is active or as reasonably useful for commercial purposes. We will retain and use your information as necessary to comply with our legal obligations or data retention policies, resolve disputes, and enforce our agreements.
If, at any time, you decide you would rather not receive these types of communications, you can opt-out by following the instructions contained in those communications. For email communications, you may click the unsubscribe link at the bottom of any email sent from Dunkin’ Brands or its Affiliates to opt-out. For text message communications, you may opt-out by texting “STOP” to the appropriate shortcode available from our confirmation text message. For push notifications or in-app messages, you may adjust the permissions in your mobile device. You can also update contact preferences for your Dunkin’ Brands account by visiting the DD/BR Online Services. Please note that your opt-out is limited to the e-mail address, phone number, or device used and will not affect subsequent subscriptions or, for e-mails, “transactional or relationship” communications.
Tracking Technologies Generally and "Do Not Track”
If you do not wish to receive Cookies or wish to manage when you accept Cookies in general, you may set your browser to reject Cookies or to alert you when a Cookie is placed on your device. Although you are not required to accept our Cookies, if you set your browser to reject Cookies, you may not be able to use all of the features and functionality of the DD/BR Online Services. For example, you may not be able to add items to your Shopping Cart, proceed to Checkout, or use any products and services that require you to sign in. To find out more about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
With respect to our mobile apps, you can stop all collection of information via the app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device. Please be aware that if you disable or remove these technologies some parts of the DD/BR Online Services may not work.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Analytics and Interest-Based Advertising
We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”) (“Principles”). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest based advertising purposes. More information about these Principles can be found at www.aboutads.info/. If you want to “opt out” of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA Self-Regulatory Program for Online Behavioral Advertising and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/. An “opt-out” Cookie will be placed on your device indicating that you do not want to receive interest-based advertisements. Opt-out Cookies only work on the internet browser and device they are downloaded onto. If you want to opt-out of interest-based advertisements across all of your browsers and devices, you will need to opt-out on each browser on each device you actively use. If you delete Cookies on your device generally, you will need to opt-out again. If you want to “opt out” of receiving online interest-based advertisements on your mobile apps, please follow the instructions at http://www.aboutads.info/appchoices. Please note that when you “opt-out” of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on the DD/BR Online Services. It means that the online ads that you do see from participants should not be based on your particular interests. Dunkin’ Brands is not responsible for effectiveness of, or compliance with, any third-parties’ opt out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use Tracking Technologies to collect information about your use of the DD/BR Online Services, including for analytics and fraud prevention as well as any other purpose permitted under the Principles.
7. Your California Privacy Rights
Dunkin’ Brands may share personal information as defined by California’s “Shine the Light” law with third parties and/or Affiliates for such third parties’ and Affiliates’ own direct marketing purposes. If you are a California customer, you are entitled to request certain information regarding our compliance with this law. To request such a notice, please send a letter to: Dunkin' Brands, Inc., 130 Royall Street, Canton, MA 02021, Attn: Customer Service. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Dunkin’ Brands is not required to respond to requests made by means other than through the provided e-mail address or mail address.
8. Your European Privacy Rights
If you are a data subject in the European Economic Area (“EEA”), you have the right to access, rectify, or erase any personal data we have collected about you through the DD/BR Online Services. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the DD/BR Online Services. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow uto confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority.
9. Children’s Online Privacy
Dunkin’ Brands recognizes the importance of protecting the privacy of children online. The DD/BR Online Services are intended for general audiences and are not directed to children under thirteen (13). We do not knowingly collect personal information as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) from children in a manner that is not permitted by COPPA.
If you become aware that a child under the age of 13 has provided us with personal information as defined by COPPA through the DD/BR Online Services, we ask that you e-mail us at email@example.com. If we become aware that a child under 13 has provided us with personal information as defined by COPPA, we will delete the child’s information from our records to the extent required by COPPA.
10. International Transfer
11. Data Controller Information
12. Data Security
We implement and maintain reasonable administrative, physical, and technical security measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information collected through the DD/BR Online Services.
13. Updates to this Policy
14. Contact Us
If you have any questions regarding our privacy practices, our data practices, or our compliance with applicable law, you can email us at firstname.lastname@example.org. You also can call us at 1-800-859-5339, or you can write to us at Dunkin’ Brands Customer Service, Dunkin’ Brands, Inc., 130 Royall Street, Canton, MA 02021.
For EU-specific requests, you can reach our Data Protection Officer (“DPO”) at email@example.com.