KFC - EEA PRIVACY NOTICE
Last modified: December 7, 2020
This EEA and UK Privacy Notice supplements the information contained in our Privacy Policy and applies solely to individual residents that are located in the European Economic Area ("you" and to the Sites and Services available in the EEA as well as the UK that link to this Privacy Notice).
Unless otherwise expressly stated, all terms have the same meaning as defined in our Privacy Policy or as otherwise defined in the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”).
For the purposes of EU data protection laws, including the GDPR, KFC is data controller (i.e., is responsible for, and controls the processing of, the personal data that has been collected by it). For more information on the controllers’ place of business and contact information, see “How to Contact Us,” below. Please note: KFC brand restaurants, Sites and Services are owned and operated by independent franchisees in many EEA and UK locations. This EEA and UK Privacy Notice only applies to our processing of your personal information and does not apply to the processing of your personal information by an independent franchisee. We share the personal data with our franchisees CK System Franchise Limited and/or PHC Franchised Restaurants Limited to the extent necessary for the purposes of providing services to you, customer management, content customization, advertising (if you have consented), security or in connection with services for which you have provided your consent.
Legal basis for processing in the EEA and UK: In the EEA and UK, the purposes for which we process your personal data are:
- the provision of personal data by you may be necessary for the performance of any contractual relationship we have with you;
- where it is necessary for compliance with our legal obligations laid down by EEA and UK law;
- where in our legitimate interests (provided these are not overridden by your interests and fundamental rights and freedoms - this includes our own legitimate interests and those of other entities and branches in our group of companies) such as:
-
- to contact you and respond to your requests and enquiries;
- for business administration, including statistical analysis;
- to provide the Sites to you;
- for fraud prevention and detection; and
- to comply with applicable laws, regulations or codes of practices.
We may also process your personal data on the basis of your freely given, specific, informed and unambiguous consent. You should be aware that you are entitled under Data Protection Law to withdraw your consent where that has been given, at any time. If you do this and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Service.
Please see the table at Annex 1 sets out in detail the categories of personal information we collect about you and how we use that information when you use the Service, as well as the legal basis which we rely on to process the personal information and recipients of that personal information.
In addition, the table at Annex 2 sets out in detail the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.
Data storage and transfer in the EEA and UK: If you are located in the EEA or UK, your information that we collect through our Service will be stored and processed primarily in the EEA or UK. If we transfer information outside of the EEA or UK, we will ensure that:
(a) the personal information is transferred to countries recognized as offering an equivalent level of protection; or
(b) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. Notwithstanding these measures, the country and jurisdiction to which data is transferred may provide for a lower standard of data protection than the one under the EEA or UK law.
Individual rights of residents in the EEA: If you are located in the EEA or UK, you have the following rights in respect of your personal data that we hold:
-
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. You can object to marketing activities for any reason whatsoever.
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
If you wish to exercise one of these rights, please contact us using the contact details at the end of this Notice.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Retention: For individuals based in the EEA, we store personal data for as long as necessary to fulfill the purposes for which we collect the data, except if required otherwise by law.
HOW TO CONTACT US
If you have any questions about this Privacy Policy or the Service, please contact us:
|
KFC Europe |
KFC Europe Sarl Regus at Place de la Gare 12, 1003 Lausanne, Switzerland Email: info@kfc.com.cy |
ANNEX 1
|
Category of personal information |
How we may use it |
Legal basis for the processing |
|
Profile information such as your name, phone number, birth date and profile picture. |
We may use this information to set up and authenticate your account on the Service. |
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you. |
|
We may use this information to communicate with you, including sending service-related communications.
|
The processing is necessary for the performance of a contract with you. |
|
|
We may use this information to send you marketing communications in accordance with your preferences.
|
We will only use your personal information in this way to the extent you have given us consent to do so. |
|
|
We may use this information to deal with enquiries and complaints made by or about you relating to the Service.
|
The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your queries or complaints. |
|
|
Payment and transaction information including payment information (such as your credit or debit card details or your bank account details), and time, date and value of transactions. |
We use this information to facilitate transactions and provide you with the Service.
|
The processing is necessary for the performance of a contract with you. |
|
We use this information to provide customer support.
|
The processing is necessary for the performance of a contract with you. |
|
|
We use this information to detect and prevent fraud.
|
The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
|
|
|
Location Data |
We use GPS technology to determine your current location in order to provide you with relevant content and to show where you have made such content. |
The processing is necessary for our legitimate interests, namely administering the Service.
|
|
We will only use your personal information in this way to the extent you have given us consent to do so.
|
||
|
Comments, chat and opinions |
When you contact us directly (e.g., by email, phone, mail or by completing an online form or participating in online chat), we may record your comments and opinions. |
The processing is necessary for our legitimate interests, namely to respond to your question or comment, to evaluate and improve our products and services and to inform our marketing and advertising.
|
|
Information received from third parties, such as social networks. If you interact with the Service through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. The data we receive is dependent on your privacy settings with the social network. |
We may use this information to authenticate you and allow you to access the Service.
|
The processing is necessary for the performance of a contract with you. |
|
We may use this information to tailor the way this is displayed to you (such as the language in which it is presented to you). |
The processing is necessary for our legitimate interests, namely tailoring the Service so that it is more relevant to our users. |
|
|
Usage information, such as the time for which you use our products, your results when you use our products, any issues experienced when you use our products and any other information generated by the products about how you use our products. |
We may use this information to analyze how the Service performs, to fix issues with the Service, to improve the Service and develop new products and services. |
The processing is necessary for our legitimate interests, namely improving our products and services, dealing with any errors in our products and services and developing new products and services.
|
|
We may use this information to develop new products and features available through the or otherwise improve the Service.
|
The processing is necessary for our legitimate interests, namely developing and improving the Service. |
|
|
All personal information set out above. |
We may use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Service, to communicate with you, to monitor and improve the Service and business, and to help us develop new products and services.
|
The processing is necessary for our legitimate interests, namely to administer and improve the Service. |
ANNEX 2
|
Category of personal information |
How we may use it |
Legal basis for the processing |
|
Information about how you access and use the Service. For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, whether you access the Service from multiple devices, and other actions you take on the Service. |
We may use information about how you use and connect to the Service to present the Service to you on your device.
|
The processing is necessary for our legitimate interests, namely to tailor the Service to the user. |
|
We may use this information to determine products and Services that may be of interest to you for marketing purposes.
|
The processing is necessary for our legitimate interests, namely to inform our direct marketing. |
|
|
We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services. |
The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Service and to improve the Service generally. |
|
|
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Service through the device, your mobile network, your IP address and your device’s telephone number (if it has one). |
We may use information about how you use and connect to the Service to present the Service to you on your device.
|
The processing is necessary for our legitimate interests, namely to tailor the Service to the user. |
|
We may use this information to determine products and Services that may be of interest to you for marketing purposes. |
The processing is necessary for our legitimate interests, namely to inform our direct marketing. |
|
|
We may use this information to monitor and improve the Service and business, fraud prevention and detection, resolve issues and to inform the development of new products and services.
|
The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Service and to improve the Service generally. |