Effective Date: January 1, 2020
Last Updated: July 27, 2020
In this Policy, the terms “Shake Shack,” “we,” and “us” refer to Shake Shack Enterprises, LLC and its wholly owned and operated locations. This Policy does not apply to information collected by Shake Shack licensees, which maintain their own privacy policies and procedures.
By using any of the Services, you consent to the terms of this Policy.
The Personal Information Shake Shack Collects and How We Use It
In connection with your interactions with us through the Services, we may collect personal information from you or from other sources. This information may be information that you directly provide to us, such as information that you provide when you visit the Services, or information that is passively or automatically collected from you, such as information collected from your browser or device. The personal information may identify you directly (e.g., your name). We also collect certain information that does not identify you directly, but in certain circumstances could allow you to be identified indirectly (e.g. certain technical data associated with devices that you use to interact with the Services).
In some instances, Shake Shack may also collect information from third party sources, upon whom we rely to provide the Services. We use both business partners and service providers, such as payment processors and analytics providers, to perform services on our behalf. Some of these partners may have access to information about you that we may or may not otherwise have (for example, where you sign up directly with that provider) and may share some or all of this information with us. We may use this information to administer and improve the Services and to conduct marketing and advertising campaigns.
In response to public health guidance or mandates from government authorities, we may collect health data from our guests as we deem appropriate to provide a safe space for them and our employees.
In addition to the categories of information referenced above, Shake Shack may also collect aggregated data or anonymized data that does not directly identify you.
How We Share and Disclose Information
Shake Shack only shares information, including Personal Information (as defined in the section entitled “California Residents” below), with affiliated companies, as well as carefully selected business partners and service providers to provide better service to you. These companies need information about you to perform their service function (such as to process and fulfill your order, verify your credit card information, and to protect you from fraud). We also share information, including Personal Information, with specially chosen companies that help us with marketing functions (such as manage our Internet business, maintain and manage our customer information, as well as market our products and services). We may engage vendors to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may collect certain information from you (e.g. click stream information, browser type, time and date, hardware/software information, cookie ID, IP address, etc.) when you visit our Website or Mobile App and use that information to provide advertisements about goods and services that are deemed to be of greater interest to you.
We may also share your information for any other purpose as disclosed at the time of collection, or when we have otherwise obtained consent. Please note that this Policy is not intended to limit our ability to share or disclose aggregated, pseudonymized, or anonymized data. Shake Shack also reserves the right to use or disclose information as needed to satisfy any law, regulation or legal request, to fulfill your requests, or to cooperate in any law enforcement or similar investigation.
How We Protect Your Information
Shake Shack takes a number of steps to protect your information from unauthorized access, use, or disclosure. Shake Shack protects your information using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. Examples of our safeguards include firewalls, data encryption, physical access controls, and administrative informational controls. When you transmit sensitive information (such as a credit card number) through the Website or in the Mobile App, we encrypt the transmission of that information using the Secure Sockets Layer (SSL) protocol. No system or network can be guaranteed to be 100% secure. As a result, we recommend that you help us keep your information safe by taking reasonable steps such as keeping your passwords private, changing them from time to time, and not disclosing personal data in places that can be accessed publicly.
We retain your information only for as long as is necessary to provide the Services and to fulfill the transactions you have requested, or for other necessary purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.
“Cookies” and Advertisers
The Website and the Mobile App server, or the servers of companies that are used to operate the Website and the Mobile App, may place a “cookie” on your computer, store data in your computer browser or access pre-existing removable tracking features on your mobile device in order to allow you to use the Website and the Mobile App and to personalize your experience. A “cookie” is a small piece of data that can be sent by a web server to your computer, which then may be stored by your browser on your computer’s hard drive. Cookies and browser storage allow us to recognize your computer while you are on our Website and the Mobile App and help customize your online experience and make it more convenient for you. Cookies and browser storage are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between sessions. The information collected from cookies and browser storage may also be used to improve the functionality of the websites and applications.
Most web browser applications (such as Microsoft Internet Explorer, Google Chrome, Firefox and Apple Safari) have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies or other device tracking features, however, you may not be able to use certain personalized functions of the Website or the Mobile App.
Links to Other Sites
In some areas of the Website or the Mobile App, we may provide a link to another website. Other websites, including social media sites, have their own policies regarding privacy and security, and these may vary from ours.
The Services are directed toward and designed for use by persons aged 13 or older. Shake Shack will not approve applications of, or establish or maintain registrations for any child whom Shake Shack knows to be under the age of 13. Shake Shack does not solicit or knowingly collect personally identifiable information from children under the age of 13. If Shake Shack nevertheless discovers that it has received personally identifiable information from an individual who indicates that he or she is, or whom Shake Shack otherwise has reason to believe is, under the age of 13, Shake Shack will delete such information from its systems. Additionally, a child’s parent or legal guardian may request that the child’s information be corrected or deleted from our files by requesting this via our Contact Us page.
If you have reason to believe that child under the age of 13 has provided personal data to us without parental consent, please contact us using any of the methods described in the “Contact Us” section of this Policy, and we will endeavor to delete that data from our systems.
|Categories of Personal Information Collected||Business Purposes for Collection|
|Personal Identifiers (e.g., name, email address, and date of birth)||
|Other personal information (e.g., drivers license, credit card number, health insurance information)||
|Demographic information (e.g., gender, familial status, and citizenship status)||
|Commercial information (e.g., purchasing activity)||
|Biometric information (e.g., eye color)||
|Internet or other electronic activity information (e.g., clickstream data and information regarding interaction with a web site)||
|Geolocation data (e.g., mobile device location)||
|Audio, electronic, or visual information (e.g., photographs)||
|Professional or employment-related information (e.g., employment history, educational information)||
|Customer order information (e.g., order number)||
|Inferences drawn from personal information (e.g., preferences)||
|Employee tax-related information (e.g., garnishments and tax remittance)||
|Other shareholder information (e.g., voting records)||
|Miscellaneous categories of consumer information (e.g., household income, dietary habits, allergies)||
In accordance with the CCPA, California residents have the right to request that we disclose the following information about our collection and use of “Personal Information,” over the twelve months prior to your requests:
- The categories of Personal Information we collect about you.
- The categories of sources for the Personal Information we collect about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The specific pieces of Personal Information collected about you.
- If we disclosed your Personal Information for a business purpose, a list of the categories of Personal Information we have disclosed in the prior twelve months.
- If we sold your Personal Information for a business purpose, a list of the categories of Personal Information we have sold in the prior twelve months.
You also have the right to request that we delete any of your Personal Information. In some circumstances we may not be able to honor your request for deletion – for example, if we need to hold on to your information to protect the security or functionality of our operations, to service your account, or to comply with legal obligations.
To ask for a record of the information we hold about you, or to ask us to delete your information, please visit https://www.shakeshack.com/privacy-request/ or call us at (844) 766 – 8973. You must provide enough information that we can verify who you are and that you are a California resident. We will only use personal information provided in a request to verify the requester’s identity and authority to make the request.
You also have the right to direct us not to sell your personal information at any time. To opt out of the sale of your personal information, you may submit a request to us by visiting https://www.shakeshack.com/privacy-request/. Alternatively, you can click here:
We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against your for exercising your rights under the CCPA.
Non-U.S. Visitor’s Rights
Shake Shack’s business is directed to United States customers and non-U.S. persons visiting from other countries should be aware that by visiting a physical Shake Shack location, Website, or Mobile App in the United States, you are agreeing to be subject to U.S. privacy law rather than the laws of your home country.
To exercise the above-mentioned rights to revocation, information correction, blocking or deletion, please contact our data protection officer via the contact details provided below. The exercising of your rights is free of charge.
We hope to be able to resolve all questions or complaints with you directly, although you have the right to contact the data protection supervisory authority if you wish to do so.
Data Protection Officer
If you have any questions regarding the processing of your personal data, please do not hesitate to contact our data protection officer directly. He will also assist you in case you have information requests or other requests or complaints:
Senior Vice President and General Counsel
225 Varick Street, New York, NY 10014
This Policy went into effect on the date noted at the top of this webpage. We may update this Policy from time to time. If we make material changes, we will post the updated Policy on this page and change the date at the top of this webpage. We encourage you to look for updates and changes to this Policy periodically, especially before you provide information, and particularly personally identifiable information, directly to us through the Services. Your continued use of the Services after any changes to this Policy are in effect constitutes your acceptance of the revised Policy.
We welcome your questions, comments, and concerns about privacy. You can contact Shake Shack Customer Service online at https://www.shakeshack.com/contact/ or by phone at 646.747.7200, or by postal mail at:
Shake Shack Enterprises, LLC,
225 Varick Street, New York, NY 10014