This website may collect and process certain information about individuals.
McDonald’s (“We”) want to inform you about how and why we collect and process this data, and what your rights are regarding this data.
Our ‘data subjects’ are individuals that include members, suppliers, business contacts, participants at events, employees and other people we have a relationship with or may need to contact.
We are committed to handling personal data in compliance with the law, including the EU’s General Data Protection Regulation (GDPR)..
We commit to collect and process personal data only when this data is:
- processed fairly, in a transparent way and based on valid legal grounds
- obtained for specific lawful purposes
- adequate, relevant and not excessive
- accurate and kept up to date
- not held for longer than necessary
- protected in appropriate ways and not transferred outside of the European Economic Area unless adequate protective measures are in place.
We are also committed to establishing and maintaining procedural and technical measures to prevent data breaches.
Types of data
Personal data means any information relating to an identified or identifiable natural person. This means someone who can be identified, directly or indirectly, by reference to information such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
We may collect the following categories of personal data to the extent necessary to achieve the purposes outlined in this policy:
- Identification data, such as first name, name, pictures, IP address, cookies, photographs
- Contact data, such as email address, telephone number, postal address
- Personal information, such as age, date of birth, gender, marital status, citizenship
- Financial data, such as bank account details
- Education and profession and employment data
- In some circumstances, we also collect and process special categories of data, such as health data, memberships or political affiliation.
We also have a legitimate interest in the processing of personal data to the extent strictly necessary for the purposes of ensuring network and information security.
For website administration, we process identification data from individuals who visit this website and express consent to using cookies or provide personal information on the site.
Processing, storing and transferring data
We retain personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, such as for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects.
We doe not transfer personal data outside of the European Economic Area (EEA) unless adequate protective measures are in place.
As a data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:
- Right to access your personal data
- Right to rectify incorrect or incomplete personal data
- Right to erase your personal data
- Right to restrict processing of your personal data
- Right to data portability (to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller)
- Right to object to all or part of the processing, when legally allowed
- Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law
- Right to withdraw consent at any time when we process your personal data based on your consent
- Right to lodge a complaint with a supervisory authority in the EU
If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a copy of your ID (which we will only use to verify your identity), to McDonald’s at [email address], with the subject line ‘Data protection request’.
Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive/repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request.
We aim to respond to data subject requests without undue delay, and in any event within one month of receipt of the request.
A cookie is a small piece of data stored in your web browser while you are browsing our website. When you browse our website again in the future, the data stored in the cookie can be retrieved to notify us of your previous activity.
We use Google Analytics, which creates a number of first-party cookies:
- _ga: registers a unique ID that is used to generate statistical data on how the visitor uses the website. This cookie expires after 2 years.
- _gat: used by Google Analytics to throttle request rate, which means that it limits the collection of data on high traffic sites. This cookie expires after 1 day.
- _gid: registers a unique ID that is used to generate statistical data on how the visitor uses the website. This cookie expires after 1 day.
- collect: is used to send data to Google Analytics about the visitor’s device and behaviour. It tracks the visitor across devices and marketing channels. This is a session cookie and expires when you exit the browser.
We don’t believe that our use of Google Analytics is privacy-intrusive. We use the data that is collected in the following ways:
- To report, in aggregate, how our visitors find and use our website;
- To understand overall visitor behaviour;
- To inform how we update and improve our website.
We do allow Google to use this data to collate and aggregate benchmarking data, which they provide to us, about similar websites in our industry. To do this, Google further anonymizes the analytics data by removing all identifiable information about our website. It also combines the data with hundreds of other anonymous sites in comparable industries.
We do not share our analytics data with any other third parties.
To opt out of our use of Google Analytics you may wish to consider using the Google Analytics Opt-out Browser Add-on. You can also manage cookies manually via your browser.
In addition to our first-party cookies, you may be served third-party cookies during your visit to our website.
Third-party cookies are cookies created by an external service when you use a page on our website. These cookies are specific to the third-party’s domain and so the data held in them can be seen and managed by the third party and not by us. We control whether or not we use the third-party service with our website, and how it is integrated and presented on our website. We do not have control over the cookies themselves.
YouTube’s embedded player currently creates and updates two Flash LSO objects from s.ytimg.com. The LSOs are soundData (which appears to store volume setting preferences) and videostats (which appears to store performance-related information). We have no direct control over YouTube’s use of the data stored in this object.