Privacy Policy
This Privacy Policy describes how Chopt ("we," "us," "our," or the "Company") collects, uses, discloses, retains, and protects information about you when you visit our website at new-chopt.rest, use our online ordering platform, interact with our digital services, or otherwise engage with us in connection with our food services (collectively, the "Services"). Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described herein.
We are committed to protecting your privacy and handling your personal information responsibly, transparently, and in accordance with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Federal Trade Commission Act (FTC Act), and other applicable federal and state privacy regulations.
1. About Us
Chopt is a food service company operating in the United States. We provide fresh, made-to-order salads and food products through our restaurant locations and digital ordering platforms. Our contact details for all privacy-related matters are as follows:
| Company Name | Chopt |
|---|---|
| Website | new-chopt.rest |
| Email Address | [email protected] |
2. Scope of This Privacy Policy
This Privacy Policy applies to all personal information collected through:
- Our website located at new-chopt.rest and any subdomains thereof;
- Our mobile applications, if any;
- Our online food ordering and delivery systems;
- Our loyalty and rewards programs;
- Email, telephone, and other electronic communications between you and Chopt;
- In-restaurant point-of-sale systems and digital kiosks;
- Social media interactions and third-party platforms that link to this Privacy Policy;
- Any other means through which you interact with our brand or Services.
This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from our website. We encourage you to review the privacy policies of any third-party platforms you visit.
3. Information We Collect
We collect several categories of personal information depending on how you interact with us. The categories below describe what we collect, why we collect it, and the sources from which it is obtained.
3.1 Information You Provide Directly
When you create an account, place an order, sign up for our newsletter, participate in promotions, or contact our customer support, you may provide us with the following types of personal information:
- Identity Information: Full name, username or display name, date of birth (to verify age eligibility).
- Contact Information: Email address, mailing address, billing address, and telephone number.
- Account Credentials: Password and security question answers used to authenticate your account.
- Payment Information: Credit card numbers, debit card numbers, billing address, and other payment details. Note: Full payment card data is processed by PCI-DSS-compliant third-party payment processors; we do not store raw card numbers on our servers.
- Order History: Details of food items ordered, customizations, special dietary instructions, delivery addresses, and frequency of orders.
- Communications Content: Messages you send us via email, chat, or contact forms, including feedback, complaints, and requests.
- Loyalty Program Data: Points accumulated, rewards redeemed, preferences, and participation records.
- Survey Responses: Answers you provide in satisfaction surveys, market research, or promotional contests.
3.2 Information Collected Automatically
When you access our website or mobile applications, we and our service providers automatically collect certain technical and usage data, including:
- Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers, and hardware model.
- Network Information: IP address, internet service provider (ISP), and general geographic location derived from IP address (city, state, country level).
- Usage Data: Pages visited, time and date of visits, time spent on each page, links clicked, referring URLs, and navigation paths through our website.
- Log Data: Server logs that record requests made to our servers, error reports, and diagnostic information.
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, local storage, and similar tracking technologies. Please see Section 9 (Cookies and Tracking Technologies) for more details.
- Location Data: Approximate location based on IP address; precise geolocation data only if you grant explicit permission through your device settings.
3.3 Information from Third Parties
We may receive personal information about you from third-party sources, which we combine with information we collect directly:
- Social Media Platforms: If you choose to log in or connect via a social media account (e.g., Google, Facebook, Apple), we receive certain profile information permitted by your privacy settings on that platform.
- Delivery Partners: Third-party delivery services (e.g., DoorDash, Uber Eats, Grubhub) may share delivery address and order fulfillment data with us.
- Payment Processors: Payment service providers confirm transaction status and may provide fraud risk signals.
- Marketing and Analytics Partners: Third parties that help us analyze website traffic or run advertising campaigns may provide aggregated or de-identified data about user behavior.
- Publicly Available Sources: Information lawfully available from public databases, social media, or government records.
3.4 Sensitive Personal Information
We do not intentionally collect sensitive personal information such as social security numbers, driver's license numbers, financial account numbers (beyond payment processing), health or medical data, racial or ethnic origin, religious beliefs, or biometric data. If you voluntarily provide dietary preference information (e.g., gluten-free, vegan), we treat this with heightened care.
4. How We Use Your Information
We use the personal information we collect for the following business purposes:
4.1 Service Provision and Order Fulfillment
- To process and fulfill food orders placed through our website, app, or in-restaurant systems;
- To manage your account, loyalty membership, and saved preferences;
- To facilitate payment processing and issue receipts or refunds;
- To coordinate delivery services and communicate delivery status;
- To respond to your customer service inquiries, complaints, and requests;
- To send transactional communications such as order confirmations, shipping notifications, and account alerts.
4.2 Analytics and Service Improvement
- To analyze how users interact with our website and services in order to improve functionality and user experience;
- To understand customer preferences, purchasing trends, and menu popularity;
- To conduct internal research and development aimed at enhancing our food offerings and digital tools;
- To monitor system performance, detect errors, and troubleshoot technical issues;
- To generate aggregated, anonymized statistics for internal reporting purposes.
4.3 Marketing and Promotional Communications
- To send you promotional emails, newsletters, special offers, and information about new menu items, if you have opted in or where permitted by applicable law;
- To personalize your experience by displaying tailored content, product recommendations, and relevant promotions;
- To conduct surveys and gather feedback to improve our offerings;
- To run sweepstakes, contests, or loyalty reward campaigns;
- To deliver targeted advertising on third-party websites and social media platforms.
You may opt out of marketing communications at any time. See Section 10 (Your Privacy Rights) for more information.
4.4 Legal Compliance and Safety
- To comply with applicable federal, state, and local laws and regulations;
- To respond to lawful requests from courts, law enforcement agencies, and government authorities;
- To detect, investigate, and prevent fraudulent transactions, identity theft, and other illegal or harmful activity;
- To enforce our Terms of Service and other agreements;
- To protect the rights, property, and safety of Chopt, our customers, employees, and the public.
4.5 Business Operations
- To evaluate and improve our marketing strategies and advertising campaigns;
- To manage and administer our business relationships with vendors and partners;
- To facilitate business transactions such as mergers, acquisitions, or asset sales (see Section 6.4);
- To maintain internal records and conduct audits.
5. Legal Bases for Processing
Under applicable United States law, our processing of your personal information is generally grounded in the following legal bases:
- Contractual Necessity: Processing necessary to fulfill our contract with you (e.g., processing your food order and payment).
- Legal Obligation: Processing required to comply with applicable federal and state laws, including tax and regulatory requirements.
- Legitimate Interests: Processing that serves our legitimate business interests, such as fraud prevention, service improvement, and direct marketing, where these interests are not overridden by your privacy rights.
- Consent: Processing based on your explicit consent, such as receiving marketing emails or enabling precise geolocation. You may withdraw consent at any time.
6. How We Share Your Information
We do not sell your personal information to third parties for monetary compensation. However, we may share your information in the following limited circumstances:
6.1 Service Providers and Business Partners
We engage trusted third-party service providers to help us operate our business and deliver our Services. These providers are contractually required to protect your data and use it only as directed by us. They include:
- Payment Processors: To securely handle credit and debit card transactions;
- Delivery and Logistics Partners: To coordinate food delivery and communicate order status;
- Cloud Hosting and IT Services: To store data, maintain our website, and provide cybersecurity;
- Email and Communication Providers: To send transactional and marketing communications;
- Analytics Providers: To help us understand website traffic and user behavior (e.g., Google Analytics);
- Customer Relationship Management (CRM) Tools: To manage customer interactions and loyalty programs;
- Advertising Networks: To serve targeted ads on our behalf across digital platforms.
6.2 Legal and Regulatory Disclosures
We may disclose your personal information when we believe in good faith that such disclosure is necessary to:
- Comply with a subpoena, court order, warrant, or other legal process;
- Cooperate with law enforcement agencies or regulatory bodies;
- Respond to governmental audits or investigations;
- Enforce our legal rights or defend against legal claims;
- Prevent or address fraud, security breaches, or threats to safety.
6.3 Sharing with Your Consent
We may share your personal information with third parties when you have given us explicit consent to do so, such as when you choose to participate in a joint promotion or connect with a third-party platform.
6.4 Business Transfers
In the event of a merger, acquisition, corporate restructuring, sale of assets, or bankruptcy proceeding, your personal information may be transferred to the acquiring entity or successor as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and if the new entity's privacy practices differ materially from ours.
6.5 Aggregated and Anonymized Data
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.
7. Data Security
We take the security of your personal information seriously and have implemented a range of administrative, technical, and physical safeguards designed to protect your data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:
7.1 Technical Safeguards
- Encryption: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS) protocols. Sensitive data stored in our databases is encrypted at rest.
- Firewalls and Intrusion Detection: We employ network firewalls, intrusion detection systems, and continuous monitoring to prevent unauthorized access.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, and all access is logged and audited.
- Payment Security: We comply with Payment Card Industry Data Security Standards (PCI-DSS) for handling payment card data.
- Vulnerability Testing: We conduct regular security assessments, penetration testing, and vulnerability scans.
7.2 Administrative Safeguards
- Regular employee training on data privacy and security best practices;
- Data handling policies and procedures for all personnel with access to personal data;
- Contractual obligations imposed on all third-party service providers regarding data security;
- Incident response plans to address data breaches promptly.
7.3 Limitations of Security
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are determined based on:
- Account Data: Retained for the duration of your active account relationship with us, plus up to 3 years after account closure for fraud prevention and dispute resolution purposes.
- Order and Transaction Records: Retained for a minimum of 7 years to comply with federal and state tax, accounting, and consumer protection laws.
- Marketing and Communications Data: Retained until you opt out of marketing communications or request deletion, whichever occurs first.
- Customer Service Records: Retained for up to 3 years after the resolution of the inquiry to assist with future support interactions and for quality assurance.
- Log and Technical Data: Typically retained for 12 to 24 months for security monitoring and operational purposes.
- Legal Hold Data: If litigation, regulatory inquiry, or other legal obligation requires preservation, data may be retained until the matter is fully resolved.
When personal information is no longer needed, we securely delete, destroy, or anonymize it in accordance with our data retention schedule and applicable law.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and serve targeted advertisements.
9.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the basic functionality of our website, including enabling you to log in, place orders, and navigate the site. These cannot be disabled.
- Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics (e.g., Google Analytics).
- Functional Cookies: Remember your preferences, such as saved delivery addresses, dietary settings, and language preferences.
- Advertising and Targeting Cookies: Used to deliver relevant advertisements across third-party websites and social media platforms based on your browsing behavior.
9.2 Managing Cookie Preferences
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a warning before a cookie is stored. Please note that disabling certain cookies may affect the functionality of our website and your ability to place orders.
For more detailed information about our use of cookies, including how to opt out of specific types of tracking, please refer to our full Cookie Policy, available on our website at new-chopt.rest.
9.3 Do Not Track Signals
Some browsers offer a "Do Not Track" (DNT) signal. At this time, our website does not respond to DNT signals in a uniform way due to the lack of a universal technical standard. We continue to monitor developments in this area and will update our practices as standards emerge.
10. Your Privacy Rights
Depending on your state of residence, you may have certain rights regarding your personal information. We honor these rights and provide mechanisms to exercise them as described below.
10.1 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we have shared it.
- Right to Delete: You have the right to request that we delete your personal information, subject to certain legal exceptions (e.g., completing transactions, complying with legal obligations).
- Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.
- Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information for monetary compensation. To opt out of sharing for advertising purposes, please contact us at [email protected].
- Right to Limit Use of Sensitive Personal Information: Where we collect sensitive personal information, you have the right to limit how we use and disclose it.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny services, charge different prices, or provide a lower quality of service as a result of you exercising your CCPA/CPRA rights.
10.2 Rights for All United States Residents
Regardless of your state of residence, we provide the following privacy rights to all users as a matter of good practice:
- Access: Request a copy of the personal information we hold about you;
- Correction: Request that we correct inaccurate or incomplete personal information;
- Deletion: Request that we delete your personal information, subject to applicable legal exceptions;
- Data Portability: Request that we provide your personal information in a structured, commonly used, and machine-readable format where technically feasible;
- Opt-Out of Marketing: Unsubscribe from marketing emails by clicking the "unsubscribe" link in any promotional email, or by contacting us directly;
- Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
10.3 How to Submit a Privacy Rights Request
To exercise any of your privacy rights, please contact us using the following methods:
- Email: [email protected] with the subject line "Privacy Rights Request"
- Website: new-chopt.rest (contact/privacy request form)
We will respond to verified requests within 45 days of receipt. If we need additional time, we will notify you of the reason and extension period (up to an additional 45 days). We may need to verify your identity before processing your request to protect your security and privacy.
10.4 Authorized Agents
California residents may designate an authorized agent to submit privacy rights requests on their behalf. To use an authorized agent, you must provide the agent with written permission, and we may require proof of that authorization. We may still contact you directly to verify your identity as part of this process.
11. Children's Privacy
Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from children under the age of 13, as defined by the Children's Online Privacy Protection Act (COPPA), or from minors under 18 without parental or guardian consent.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will take prompt steps to delete such information from our systems upon verification of the complaint.
We do not knowingly target, market to, or serve content designed to attract individuals under the age of 18. If we become aware that we have collected personal information from a minor without appropriate consent, we will delete it as quickly as reasonably practicable.
12. International Data Transfers
Chopt is a United States-based business, and your personal information is primarily collected, stored, and processed within the United States. However, some of our third-party service providers may operate in or have data centers located in other countries.
If your personal information is transferred outside the United States, we take appropriate steps to ensure that such transfers comply with applicable data protection laws and that your information is afforded adequate protection, including through:
- Use of contractual protections with service providers, including data processing agreements;
- Ensuring that recipient countries or organizations provide an adequate level of data protection;
- Implementing appropriate technical and organizational safeguards.
By using our Services, you acknowledge that your personal information may be transferred to, stored in, and processed in the United States and other countries, which may have different data protection laws than your country of residence.
13. Third-Party Links and Services
Our website and communications may contain links to third-party websites, applications, or services that are not operated by Chopt. These links are provided for your convenience and informational purposes only. We have no control over the content, privacy practices, or security of those third-party platforms.
We strongly encourage you to review the privacy policies of any third-party websites or services you visit before providing them with any personal information. Chopt is not responsible for the privacy practices, content, or security measures of third-party platforms.
This applies to third-party food delivery platforms (e.g., DoorDash, Uber Eats, Grubhub), social media networks, and any payment providers that have their own independent privacy policies.
14. Changes to This Privacy Policy
We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our business practices, legal obligations, or data handling procedures. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy;
- Post the revised Privacy Policy on our website at new-chopt.rest;
- Notify you via email (if we hold your email address) or through a prominent notice on our website if the changes are material.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.
15. How to File a Complaint
If you believe that we have violated your privacy rights or failed to comply with applicable data protection laws, we encourage you to first contact us directly so that we can investigate and address your concern:
Email: [email protected]
Website: new-chopt.rest
Subject Line: "Privacy Complaint"
We will acknowledge your complaint within 10 business days and aim to resolve it within 45 days.
15.1 California Residents
California residents who are not satisfied with our response may file a complaint with the California Privacy Protection Agency (CPPA) or the California Attorney General's Office:
- California Privacy Protection Agency: cppa.ca.gov
- California Attorney General: oag.ca.gov/privacy
15.2 Other U.S. Residents
Residents of other U.S. states may contact the Federal Trade Commission (FTC) if they believe their consumer privacy rights have been violated:
- Federal Trade Commission: ftc.gov/privacy | 1-877-FTC-HELP (1-877-382-4357)
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to resolving privacy inquiries promptly and transparently.
| Company Name | Chopt |
|---|---|
| [email protected] | |
| Website | new-chopt.rest |