Privacy

Privacy Settings

Shake Shack takes your privacy very seriously and only provides personal information as required for the products and services you request. We have provided the following controls to Approve and Withdraw consent to process future requests. You can update these settings and view our Privacy Policy at any time from the Shake Shack Privacy page.

  • Cookies Shake Shack uses cookies in order to manage your privacy controls. Our 3rd Party Services use cookies in order to deliver their services to provide the best user experience including the following types of cookies and browser-based data:
  • Marketing Shake Shack sends your browser-based data and other personal information provided by you on our website to Mailchimp in order to personalize the marketing communications and promotions we send you. Additionally, we send anonymized data to Google and Facebook in order to help us fix technical issues, errors and highlight areas such as navigation where we can improve our Website and other digital properties.
  • Guest Support Shake Shack sends your browser-based data and other personal information provided by you on our website to Salesforce to aid our Guest Services team in responding to guest inquires and requests.
  • Social Media Shake Shack embeds social media widgets, videos, and playlists into our website to allow guest to interact with our brand through 3rd party services.

Shake Shack uses the following 3rd Party Services in order to provide the best user experience to its guests: Google, Facebook, Instagram, Twitter, Youtube, Mailchimp, Salesforce, AWS, Cloudflare, Career Arc, Spotify, Paytronix, TeamWorld, Olo, and Session M.

Privacy Policy

Effective Date:  January 1, 2020

Last Updated:  July 27, 2020

Shake Shack has adopted this privacy policy (this “Policy”) in order to inform you of its policies with respect to the personal information Shake Shack collects about you through our interactions with you and through our products, services, events, and programs – including our website located at www.shakeshack.com (the “Website”), the Shake Shack mobile application (the “Mobile App”), and transactions completed at Shake Shack physical locations (each a “Service,” and collectively, the “Services”).

In this Policy, the terms “Shake Shack,” “we,” and “us” refer to Shake Shack Enterprises, LLC and its wholly owned and operated locations.  This Policy does not apply to information collected by Shake Shack licensees, which maintain their own privacy policies and procedures.

By using any of the Services, you consent to the terms of this Policy.

 

The Personal Information Shake Shack Collects and How We Use It

In connection with your interactions with us through the Services, we may collect personal information from you or from other sources.  This information may be information that you directly provide to us, such as information that you provide when you visit the Services, or information that is passively or automatically collected from you, such as information collected from your browser or device.  The personal information may identify you directly (e.g., your name).  We also collect certain information that does not identify you directly, but in certain circumstances could allow you to be identified indirectly (e.g. certain technical data associated with devices that you use to interact with the Services).

In some instances, Shake Shack may also collect information from third party sources, upon whom we rely to provide the Services.  We use both business partners and service providers, such as payment processors and analytics providers, to perform services on our behalf.  Some of these partners may have access to information about you that we may or may not otherwise have (for example, where you sign up directly with that provider) and may share some or all of this information with us.  We may use this information to administer and improve the Services and to conduct marketing and advertising campaigns.

In response to public health guidance or mandates from government authorities, we may collect health data from our guests as we deem appropriate to provide a safe space for them and our employees.

In addition to the categories of information referenced above, Shake Shack may also collect aggregated data or anonymized data that does not directly identify you.

 

How We Share and Disclose Information

Shake Shack only shares information, including Personal Information (as defined in the section entitled “California Residents” below), with affiliated companies, as well as carefully selected business partners and service providers to provide better service to you.  These companies need information about you to perform their service function (such as to process and fulfill your order, verify your credit card information, and to protect you from fraud).  We also share information, including Personal Information, with specially chosen companies that help us with marketing functions (such as manage our Internet business, maintain and manage our customer information, as well as market our products and services).  We may engage vendors to serve advertisements on our behalf across the Internet and to provide analytics services.  These entities may collect certain information from you (e.g. click stream information, browser type, time and date, hardware/software information, cookie ID, IP address, etc.) when you visit our Website or Mobile App and use that information to provide advertisements about goods and services that are deemed to be of greater interest to you.

We may also share your information for any other purpose as disclosed at the time of collection, or when we have otherwise obtained consent.  Please note that this Policy is not intended to limit our ability to share or disclose aggregated, pseudonymized, or anonymized data.  Shake Shack also reserves the right to use or disclose information as needed to satisfy any law, regulation or legal request, to fulfill your requests, or to cooperate in any law enforcement or similar investigation.

 

How We Protect Your Information

Shake Shack takes a number of steps to protect your information from unauthorized access, use, or disclosure.  Shake Shack protects your information using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information.  Examples of our safeguards include firewalls, data encryption, physical access controls, and administrative informational controls.  When you transmit sensitive information (such as a credit card number) through the Website or in the Mobile App, we encrypt the transmission of that information using the Secure Sockets Layer (SSL) protocol.  No system or network can be guaranteed to be 100% secure.  As a result, we recommend that you help us keep your information safe by taking reasonable steps such as keeping your passwords private, changing them from time to time, and not disclosing personal data in places that can be accessed publicly.

 

Data Retention

We retain your information only for as long as is necessary to provide the Services and to fulfill the transactions you have requested, or for other necessary purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

 

“Cookies” and Advertisers

The Website and the Mobile App server, or the servers of companies that are used to operate the Website and the Mobile App, may place a “cookie” on your computer, store data in your computer browser or access pre-existing removable tracking features on your mobile device in order to allow you to use the Website and the Mobile App and to personalize your experience.  A “cookie” is a small piece of data that can be sent by a web server to your computer, which then may be stored by your browser on your computer’s hard drive.  Cookies and browser storage allow us to recognize your computer while you are on our Website and the Mobile App and help customize your online experience and make it more convenient for you.  Cookies and browser storage are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between sessions.  The information collected from cookies and browser storage may also be used to improve the functionality of the websites and applications.

Most web browser applications (such as Microsoft Internet Explorer, Google Chrome, Firefox and Apple Safari) have features that can notify you when you receive a cookie or prevent cookies from being sent.  If you disable cookies or other device tracking features, however, you may not be able to use certain personalized functions of the Website or the Mobile App.

 

Links to Other Sites

In some areas of the Website or the Mobile App, we may provide a link to another website.  Other websites, including social media sites, have their own policies regarding privacy and security, and these may vary from ours.

 

Children’s Privacy

The Services are directed toward and designed for use by persons aged 13 or older.  Shake Shack will not approve applications of, or establish or maintain registrations for any child whom Shake Shack knows to be under the age of 13.  Shake Shack does not solicit or knowingly collect personally identifiable information from children under the age of 13.  If Shake Shack nevertheless discovers that it has received personally identifiable information from an individual who indicates that he or she is, or whom Shake Shack otherwise has reason to believe is, under the age of 13, Shake Shack will delete such information from its systems.  Additionally, a child’s parent or legal guardian may request that the child’s information be corrected or deleted from our files by requesting this via our Contact Us page.

If you have reason to believe that child under the age of 13 has provided personal data to us without parental consent, please contact us using any of the methods described in the “Contact Us” section of this Policy, and we will endeavor to delete that data from our systems.

 

California Residents

This section supplements our privacy policy with additional information for California residents only.  The California Consumer Privacy Act (“CCPA”) provides specific protections and rules with respect to California’s own definition of “Personal Information,” which includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.  Personal Information includes any health data that we collect from our guests and our employees in response to public health guidance or mandates from government authorities.  As noted above, we collect information that you provide directly when you register for or use the Services, user credentials that you supply directly when you register for or update your login information to use the Services, demographic data, payment data, device data, usage data, location data, information about your interests and preferences, third party integrations, and other third party data.  The below chart provides additional detail on the categories of Personal Information we collect and the purposes for which we use Personal Information.

Categories of Personal Information Collected Business Purposes for Collection
Personal Identifiers (e.g., name, email address, and date of birth)
  • Marketing (including advertising, customer acquisition and lead generation, performance media, audience segmentation, event organization, web traffic analytics, brand promotion and analytics, surveys and consumer research, campaigns, management of influencer and other partner relationships, social media content distribution and analytics, mobile application communications, contest administration, and customer engagement and analytics)
  • Operational purposes (including order processing, payment, gift card, voucher and coupon processing, receipt processing, anti-fraud, sales data reporting, provision of food truck services, third-party delivery coordination, and mobile application and kiosk services and analytics)
  • Employment and recruiting (including conducting background checks and employment eligibility verification, for interview purposes, payroll administration and employee timekeeping, benefit administration, creation of tax forms, office administration, business expense processing, industry benchmarking, and internal communications)
  • Investor relations (including communicating with potential investors, processing stock purchases and transfers, distributing proxy statements and collecting shareholder votes, giving investor presentations, and contacting shareholders)
  • Development and real estate for the purpose of expanding the Services
  • Business relationship management
  • Customer service
  • Charitable giving
  • Legal compliance
Other personal information (e.g., drivers license, credit card number, health insurance information)
  • Marketing (including surveys and consumer research, and management of influencer and other partner relationships)
  • Operational purposes (including order processing, payment, gift card, voucher and coupon processing, receipt processing, anti-fraud, sales data reporting, and mobile application and kiosk services and analytics)
  • Employment and recruiting (including payroll administration and benefit administration)
  • Development and real estate investment for the purpose of expanding the Services
  • Legal compliance
Demographic information (e.g., gender, familial status, and citizenship status)
  • Marketing (including surveys and consumer research, and social media content distribution and analytics)
  • Operational purposes (including mobile application services)
  • Employment and recruiting (including conducting background checks and employment eligibility verification, payroll administration, and benefit administration)
  • Investor relations (including giving investor presentations)
  • Charitable giving
  • Legal compliance
Commercial information (e.g., purchasing activity)
  • Marketing (including surveys and consumer research, and mobile application management and communications)
  • Operational purposes (including order processing and oversight, payment, gift card, voucher and coupon processing, receipt processing, anti-fraud, sales data reporting and analysis, third-party delivery coordination, mobile application and kiosk services and analytics, inventory management, and financial auditing)
  • Investor relations (including processing stock purchases and transfers)
  • Development and real estate purposes
  • Customer service
Biometric information (e.g., eye color)
  • Employment and recruiting
  • Legal compliance
Internet or other electronic activity information (e.g., clickstream data and information regarding interaction with a web site)
  • Marketing (including customer acquisition and lead generation, audience segmentation, web traffic and search engine analytics, brand promotion and analytics, surveys and consumer research, campaigns, management of influencer relationships, social media content analytics, mobile application management and communications, contest administration, providing mobile store locator services, and customer engagement and analytics)
  • Operational purposes (including anti-fraud, and mobile application and kiosk services and analytics)
  • Employment and recruiting
  • Investor relations (including communicating with potential investors)
  • Customer service
  • Charitable giving
Geolocation data (e.g., mobile device location)
  • Marketing (including social media content distribution and providing mobile store locator services)
  • Operational purposes (including anti-fraud)
Audio, electronic, or visual information (e.g., photographs)
  • Marketing (including advertising)
  • Customer and employee safety
  • Legal compliance
  • Customer service and quality assurance
  • Detecting security incidents
Professional or employment-related information (e.g., employment history, educational information)
  • Marketing (including lead generation and management of influencer and other partner relationships)
  • Operational purposes (including third-party delivery coordination, order processing and oversight)
  • Employment and recruiting (including for interview purposes, selecting candidates, payroll administration and employee timekeeping, benefit administration, creation of tax forms, office administration, business expense processing, industry benchmarking, and internal communications)
  • Investor relations (including giving investor presentations)
  • Business relationship management
  • Legal compliance
Customer order information (e.g., order number)
  • Operational purposes (including order processing, inventory management, and menu management)
  • Customer service
Inferences drawn from personal information (e.g., preferences)
  • Marketing (including audience segmentation, campaigns, management of influencer and other partner relationships, social media content distribution and analytics, and customer engagement and analytics)
  • Employment and recruiting
Employee tax-related information (e.g., garnishments and tax remittance)
  • Employment and recruiting (including payroll administration)
  • Legal compliance
Other shareholder information (e.g., voting records)
  • Investor relations (including contacting shareholders)
Miscellaneous categories of consumer information (e.g., household income, dietary habits, allergies)
  • Marketing (including surveys and consumer research and mobile application communications)
  • Operational purposes (including order processing and mobile application and kiosk services and analytics)

 

In accordance with the CCPA, California residents have the right to request that we disclose the following information about our collection and use of “Personal Information,” over the twelve months prior to your requests:

  • The categories of Personal Information we collect about you.
  • The categories of sources for the Personal Information we collect about you.
  • Our business or commercial purpose for collecting or selling that Personal Information.
  • The specific pieces of Personal Information collected about you.
  • If we disclosed your Personal Information for a business purpose, a list of the categories of Personal Information we have disclosed in the prior twelve months.
  • If we sold your Personal Information for a business purpose, a list of the categories of Personal Information we have sold in the prior twelve months.

You also have the right to request that we delete any of your Personal Information.  In some circumstances we may not be able to honor your request for deletion – for example, if we need to hold on to your information to protect the security or functionality of our operations, to service your account, or to comply with legal obligations.

To ask for a record of the information we hold about you, or to ask us to delete your information, please visit our California Privacy Request Form or call us at +1 (888) 914-9661 PIN 512807.  You must provide enough information that we can verify who you are and that you are a California resident.  We will only use personal information provided in a request to verify the requester’s identity and authority to make the request.

You also have the right to direct us not to sell your personal information at any time.  To opt out of the sale of your personal information, you may submit a request to us by visiting our California Privacy Request Form.  Alternatively, you can click here:

 

 
We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against your for exercising your rights under the CCPA.

 

Non-U.S. Visitors Rights

Shake Shack’s business is directed to United States customers and non-U.S. persons visiting from other countries should be aware that by visiting a physical Shake Shack location, Website, or Mobile App in the United States, you are agreeing to be subject to U.S. privacy law rather than the laws of your home country.

To exercise the above-mentioned rights to revocation, information correction, blocking or deletion, please contact our data protection officer via the contact details provided below.  The exercising of your rights is free of charge.

We hope to be able to resolve all questions or complaints with you directly, although you have the right to contact the data protection supervisory authority if you wish to do so.

 

Data Protection Officer

If you have any questions regarding the processing of your personal data, please do not hesitate to contact our data protection officer directly. He will also assist you in case you have information requests or other requests or complaints:

Ron Palmese

Senior Vice President and General Counsel

225 Varick Street, New York, NY 10014

Phone: 646.727.7200

Email: privacy@shakeshack.com

 

Changes to This Privacy Policy

This Policy went into effect on the date noted at the top of this webpage.  We may update this Policy from time to time. If we make material changes, we will post the updated Policy on this page and change the date at the top of this webpage.  We encourage you to look for updates and changes to this Policy periodically, especially before you provide information, and particularly personally identifiable information, directly to us through the Services.  Your continued use of the Services after any changes to this Policy are in effect constitutes your acceptance of the revised Policy.

 

Contact Us

We welcome your questions, comments, and concerns about privacy. You can contact Shake Shack Customer Service online at https://www.shakeshack.com/contact/ or by phone at 646.747.7200, or by postal mail at:

Shake Shack Enterprises, LLC,

225 Varick Street, New York, NY 10014