Last Updated/Effective Date: July 1, 2023
Your privacy is important to us. Dine Brands Global, Inc. understands your concerns regarding how information about you is used and shared, and we appreciate that you trust us to use and share information about you carefully and sensibly.
Dine collects information relating to you and your use of the Sites or Facilities to provide services and features that are responsive to your needs. Dine collects personal information in the following ways:
3.1 Information You Provide to Us
We may collect the following information about you including, but not limited to:
3.2 Information We and Our Third-Party Service Providers Collect
When you use our Sites, we and our third-party service providers automatically collect information about how you access and use the Sites and information about the device you use to access the Sites. We typically collect this information through a variety of tools including cookies, web beacons, pixels, social media widgets, other tools to enable data recording and indexing, and similar technology (collectively, “tracking technologies”). We and our third-party partners may automatically collect information such as:
We process personal information to provide services to you and additional services you request, as well as to respond to communications from you. The precise purposes for which your personal information is processed will be determined by the request and by applicable laws, regulatory guidance, and professional standards.
We use information we collect from you and information that we collect automatically to manage and improve our Sites and our business. We take steps to ensure that your rights are safeguarded. For example, we use information to:
Sometimes we may de-identify information by removing identifiers that can be used to associate the information with you. De-identified information helps us develop reports and analyses about how our customers use our Sites and for other purposes such as research regarding behavioral inferences. To further protect your privacy, de-identified information does not include contact information or any other information that would identify any specific individual or household.
We do not sell your personal information to third parties, but we do share your personal information in the circumstances described below.
We offer certain choices about how we communicate with you and what personal information we obtain about you and share with others.
Dine may collect, use, share, transfer, and otherwise process de-identified and aggregated information that it receives or creates for any purpose in its sole discretion, in compliance with applicable laws. Dine is the sole and exclusive owner of such de-identified and aggregated information, including if Dine de-identifies personal information so that it is no longer considered personal information under applicable laws.
Dine uses Google Analytics to process personal information about your use of our Sites. Google sets cookies on your browser or device, and then your web browser will automatically send information to Google. Google uses this information to provide us with reports that we use to better understand and measure how users interact with our Sites.
We use third parties and/or service providers to provide interest-based advertising services. These services may serve advertisements on our behalf that are customized based on predictions about your interests generated from your visits to websites (including our Sites) over time and across different websites. The data collected may be associated with your personal information. These advertisements may appear on our Sites and on other websites and may be sent to you via email.
To change your preferences with respect to certain online ads or obtain more information about ad networks and online behavioral advertising, visit National Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads. Opting out of targeted advertising does not opt you out of all ads, just those targeted to you.
We are active on social media including, but not limited to, Facebook, YouTube, Twitter, Instagram, and LinkedIn (“Social Media”). Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Sites and our Social Media pages any comments or content that you post on our Social Media pages.
Our Sites are hosted and operated in the United States. However, we and our service providers may store information about individuals in the United States, or we may transfer it to, and store it within, other countries.
Visitors from jurisdictions outside the United States visit us at their own choice and risk. If you are not a resident of the United States, you acknowledge and agree that we may collect and use your personal information outside your home jurisdiction and that we may store your personal information in the United States or elsewhere. Please note that the level of legal protection provided in the United States from which you may access our Sites may not be as stringent as that under privacy standards or the privacy laws of other countries, possibly including your home jurisdiction.
Occasionally, at our discretion, we may include or offer third-party products or services on our apps. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.
Dine has implemented reasonable physical, technical, and administrative security standards to protect personal information from loss, misuse, alteration, or destruction. We strive to protect your personal information against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.
Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of personal information to third parties for the third parties’ direct marketing purposes, if any.
To make such a request, send an email with the subject heading “California Privacy Rights” to [email protected]. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by these California privacy rights requirements, and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year. Please note that separate requests related to the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act (“CPRA”), shall be submitted as described below.
Pursuant to applicable California law, including the CCPA, as amended by the CPRA, Dine makes the following disclosures regarding the Personal Information Dine has collected and disclosed within the last 12 months, where “Personal Information” (“PI”) has the definition set forth in the CCPA, as amended by the CPRA:
|Category of PI||Collected||Category of Source from which PI is Collected||Purpose of Collection||Third Parties to whom PI is Disclosed for a Business Purpose||Third Parties to whom PI is Sold or Shared||Retention Period|
|Identifiers.||Yes.||Directly from you.||To provide our services to you, including our loyalty programs; to enable access to our Sites.||Service Providers.||We do not sell this category of PI. We share this category of PI with third parties for purposes of cross-context behavioral advertising.||We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.|
|PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Yes.||Directly from you.||To process orders or other transactions made on our Sites.||Service Providers.||We do not sell or share this category of PI.||We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.|
|Protected classification characteristics under California or federal law.||Yes.||Directly from you.||To provide you our services, including our loyalty programs.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Commercial information.||Yes.||Directly from you.||To market our services to you and tailor offers to your interests.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Internet or other similar network activity.||Yes.||Cookies and other tracking technologies.||To conduct data analytics.||Service Providers.||We do not sell this category of PI. However, we share this category of PI with third parties for purposes of cross-context behavioral advertising.||Varies depending on the website and the type of cookie collecting this PI, but generally no more than 2 years. One exception is a cookie associated with the Sitecore Content Management System, used for web analytics to identify repeat visits by unique users, that has a lifespan of 10 years.|
|Geolocation data.||Yes.||Cookies and other tracking technologies.||To provide you with location-specific services, such as showing nearby restaurants in our Sites.||None.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us|
|Professional or employment-related information.||No.||N/A.||N/A.||N/A.||N/A.||N/A.|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).||No.||N/A.||N/A.||N/A.||N/A.||N/A.|
|Inferences drawn from other PI.||Yes.||Directly from you.||To market our services and tailor offers to your interests.||None.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Sensitive PI.||Yes.||Directly from you.||To market our services and tailor offers to your interests.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
If you are a California resident, you have the following rights:
|Notice||The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.|
|Access||The right to request the categories of Personal Information we have collected about you; the categories of sources from which the Personal Information was collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of third parties to whom we disclosed Personal Information to; and the specific pieces of Personal Information we have collected about you in the twelve (12) months preceding your request for your Personal Information.|
|Deletion||The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.|
|Correction||You have the right to request that we correct any incorrect Personal Information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your Personal Information from our records, unless an exception applies. We may deny your correction request if (a) we believe the Personal Information we maintain about you is accurate; (b) correcting the Personal Information would be impossible or involve disproportionately burdensome efforts; or (c) if the request conflicts with our legal obligations.|
|Automated Decision Making||You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. Dine uses an application programming interface to make menu item suggestions to consumers who order on our Sites based on the guest’s online interactions and purchase history. As currently defined by the CCPA, as amended by the CPRA, Dine does not believe this functionality qualifies as automated decision-making but will await further guidance from the California Privacy Protection Agency.|
|To Opt Out of Sales or Sharing of Personal Information||
You have the right to opt out of the “sharing” or “selling” of your Personal Information as those terms are defined by the CCPA, as amended by the CPRA. Dine does not sell your Personal Information. In order to opt out of our “sharing” of your Personal Information, you may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). Dine Brands honors Opt-Out Preference Signals, including GPC.
If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use. Additionally, you can exercise your rights by clicking the “Do Not Share My Personal Information” link in the cookie banner presented to you when you first visit our Sites.
|Limit Use of Sensitive Personal Information||Dine does not use or disclose Sensitive Personal Information other than to provide our services reasonably expected by you. However, if we used or disclosed Sensitive Personal Information for other purposes, you would have the right to opt out.|
To submit a request, please contact us at (866) 926-5019, or complete the privacy web form located here. You may only make a request to exercise your rights on behalf of yourself. You also have a right to submit requests to exercise your rights under the CCPA, as amended by the CPRA through an authorized agent. An authorized agent must be registered with the Secretary of State in California to conduct business in California. If you choose to use an authorized agent, you may be required to: (a) provide signed permission to that authorized agent to submit requests on your behalf, (b) verify your identity directly with Dine, and (c) directly confirm with Dine that you granted permission to the authorized agent to submit the request on your behalf. For clarity, you are required to verify the identity of both yourself and the authorized agent.
If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. To verify your identity when you or your authorized agent submits a request, we will match the identifying information you provide us to the Personal Information we have about you. If you have an account with us, we will also verify your identity through our existing authentication practices for your account. Once we receive your request, we will notify you of receipt within 10 days and promptly take steps to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period as permitted by the CCPA, as amended by the CPRA. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request.
We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.
We will not discriminate against you in the event you exercise any of the aforementioned rights under the CCPA, as amended by the CPRA, including, but not limited to, by:
If you sign up for our Applebee’s, IHOP, or Fuzzy’s loyalty programs, you will receive credit for each dollar spent at participating restaurants, which can be redeemed for reward items or free food.
When you sign up for the Applebee’s loyalty program at https://www.applebees.com/en/sign-up, we will ask you to submit the following personal information:
When you sign up for the IHOP loyalty program (International Bank of Pancakes) at https://www.ihop.com/rewards, we will ask you to submit the following personal information:
When you sign up for the Fuzzy’s loyalty program at https://fuzzystacoshop.com/rewards/, we will ask you to submit the following personal information:
Please be aware that you may withdraw from the loyalty programs at any time by e-mailing us at [email protected] or calling (866) 926-5019.
Our Sites are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Sites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Sites or on or through any of its features, including your name, address, telephone number, e-mail address, or any username you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].