Fuzzy's Taco Shop Privacy Policy | Your Information, Our Commitment

PRIVACY POLICY

WHAT INFORMATION DO WE COLLECT?
We collect information from you when you register on our site or when you submit an inquiry.

When registering on our site, as appropriate, you may be asked to enter your: name, email address, mailing address, and phone number. You may, however, visit our site anonymously.

WHAT DO WE USE YOUR INFORMATION FOR?
Any of the information we collect from you may be used in one of the following ways:
• To personalize your experience (your information helps us to better respond to your individual needs)
• To improve our website (we continually strive to improve our website offerings based on the information and
feedback we receive from you)
• To improve customer service (your information helps us to more effectively respond to your customer service
requests and support needs)
• Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other
company for any reason whatsoever, without your consent, other than for the express purpose of delivering
the purchased product or service requested.
• To administer a contest, promotion, survey or other site feature
• To send periodic emails
• The email address you provide for order processing may be used to send you information and updates
pertaining to your order, in addition to receiving occasional company news, updates, related product or
service information, etc.
NOTE: If at any time you would like to unsubscribe from receiving future emails, we include detailed
unsubscribe instructions at the bottom of each email.

Dine Brands Global, Inc. Privacy Policy

Last Updated/Effective Date: July 1, 2023

1.0 Introduction

Your privacy is important to us. Dine Brands Global, Inc. understands your concerns regarding how information about you is used and shared, and we appreciate that you trust us to use and share information about you carefully and sensibly.

This Privacy Policy describes what information Dine Brands Global, Inc. and its affiliates, including International House of Pancakes, LLC (“IHOP”), Applebee’s International, Inc. (“Applebee’s”), and Fuzzy’s Taco Opportunities, LLC (“Fuzzy’s”) (collectively “Dine”, “us”, “our”, and “we”), collect about you, how we collect it, how we use it, with whom we may share it, and what choices you have regarding it. This Privacy Policy applies to your use of our websites including, without limitation, https://www.dinebrands.com/en, https://www.ihop.com/en, https://www.applebees.com/en, https://fuzzystacoshop.com/, our mobile websites, our mobile apps, any other platforms that link to this Privacy Policy (each, a “Site,” and collectively, the “Sites”), and any other means by which we may collect information about you, including information you may provide to us onsite at one of our Restaurant Support Centers (“RSC”) or restaurants (collectively, the “Facilities”).

We encourage you to become familiar with this Privacy Policy. By accessing and using the Sites or Facilities, you agree that you have read and understand this Privacy Policy and that you accept and consent to the privacy practices (and any uses and disclosures of information about you) that are described in this Privacy Policy.

This Privacy Policy does not apply to any websites or facilities operated by third parties. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of other companies or other websites. We encourage you to seek out and read the privacy policy of each website that you visit.

2.0 How Do We Collect Your Information?

Dine collects information relating to you and your use of the Sites or Facilities to provide services and features that are responsive to your needs. Dine collects personal information in the following ways:

3.0 What Information Do We Collect?

3.1 Information You Provide to Us

We may collect the following information about you including, but not limited to:

3.2 Information We and Our Third-Party Service Providers Collect

When you use our Sites, we and our third-party service providers automatically collect information about how you access and use the Sites and information about the device you use to access the Sites. We typically collect this information through a variety of tools including cookies, web beacons, pixels, social media widgets, other tools to enable data recording and indexing, and similar technology (collectively, “tracking technologies”). We and our third-party partners may automatically collect information such as:

4.0 How Do We Use Your Personal Information?

We process personal information to provide services to you and additional services you request, as well as to respond to communications from you. The precise purposes for which your personal information is processed will be determined by the request and by applicable laws, regulatory guidance, and professional standards.

We use information we collect from you and information that we collect automatically to manage and improve our Sites and our business. We take steps to ensure that your rights are safeguarded. For example, we use information to:

Sometimes we may de-identify information by removing identifiers that can be used to associate the information with you. De-identified information helps us develop reports and analyses about how our customers use our Sites and for other purposes such as research regarding behavioral inferences. To further protect your privacy, de-identified information does not include contact information or any other information that would identify any specific individual or household.

5.0 Do We Disclose Any Information to Outside Parties?

We do not sell your personal information to third parties, but we do share your personal information in the circumstances described below.

6.0 What Choices Do You Have About Your Personal Information?

We offer certain choices about how we communicate with you and what personal information we obtain about you and share with others.

7.0 Use and Disclosure of Non-Personal Information

Dine may collect, use, share, transfer, and otherwise process de-identified and aggregated information that it receives or creates for any purpose in its sole discretion, in compliance with applicable laws. Dine is the sole and exclusive owner of such de-identified and aggregated information, including if Dine de-identifies personal information so that it is no longer considered personal information under applicable laws.

8.0 Data Automatically Collected

Dine uses Google Analytics to process personal information about your use of our Sites. Google sets cookies on your browser or device, and then your web browser will automatically send information to Google. Google uses this information to provide us with reports that we use to better understand and measure how users interact with our Sites.

To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google Uses Data When You Use Our Partners’ Sites or Apps.” You may download the Google Analytics Opt-Out Browser Add-On for each web browser you use, but this does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites.

>We use third parties and/or service providers to provide interest-based advertising services. These services may serve advertisements on our behalf that are customized based on predictions about your interests generated from your visits to websites (including our Sites) over time and across different websites. The data collected may be associated with your personal information. These advertisements may appear on our Sites and on other websites and may be sent to you via email.

We use Google Ads to serve ads across various websites. Google uses Cookies to collect data about your visits to our Sites to generate targeted advertisements to you on other websites that you visit. To opt out of this type of advertising by Google, customize your ad preferences, or limit Google’s collection or use of such data, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s Personalized Ad Opt-Out Instructions. Opting out will not affect your use of our Sites.

To change your preferences with respect to certain online ads or obtain more information about ad networks and online behavioral advertising, visit National Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads. Opting out of targeted advertising does not opt you out of all ads, just those targeted to you.

Google Maps. Our Sites contain maps provided by third parties and/or service providers for your convenience. Dine and such other parties may collect data about how you interact with the maps. For example, Google may collect usage data on maps embedded on the Sites. Even if you do not interact with the maps, Google may still collect certain information about your interactions with our Sites if you are signed into your Google account when accessing our Sites. Please see Google’s Privacy Policy for more information.

9.0 Social Media

We are active on social media including, but not limited to, Facebook, YouTube, Twitter, Instagram, and LinkedIn (“Social Media”). Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Sites and our Social Media pages any comments or content that you post on our Social Media pages.

Our Sites allow you to connect and share data with Social Media platforms. These features may require us to use cookies, plug-ins, and APIs provided by such Social Media platforms to facilitate those communications and features. Our Sites may use advertising networks and services offered by Social Media platforms to deliver advertising content. Use of these services requires Social Media platforms to implement cookies or pixel tags to deliver ads to you while you access the Sites.

10.0 Location of Our Sites

Our Sites are hosted and operated in the United States. However, we and our service providers may store information about individuals in the United States, or we may transfer it to, and store it within, other countries.

Visitors from jurisdictions outside the United States visit us at their own choice and risk. If you are not a resident of the United States, you acknowledge and agree that we may collect and use your personal information outside your home jurisdiction and that we may store your personal information in the United States or elsewhere. Please note that the level of legal protection provided in the United States from which you may access our Sites may not be as stringent as that under privacy standards or the privacy laws of other countries, possibly including your home jurisdiction.

11.0 How Long Do We Retain Your Personal Information?

We will keep your personal information for the period necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is permitted or required by law.

12.0 Third-Party Links

Occasionally, at our discretion, we may include or offer third-party products or services on our apps. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.

13.0 How Do We Protect Your Information?

Dine has implemented reasonable physical, technical, and administrative security standards to protect personal information from loss, misuse, alteration, or destruction. We strive to protect your personal information against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.

14.0 California Privacy Notice

Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of personal information to third parties for the third parties’ direct marketing purposes, if any.

To make such a request, send an email with the subject heading “California Privacy Rights” to privacydesk@dinebrands.com. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by these California privacy rights requirements, and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year. Please note that separate requests related to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), shall be submitted as described below.

14.1 CCPA/CPRA Notice

Pursuant to applicable California law, including the CCPA, as amended by the CPRA, Dine makes the following disclosures regarding the Personal Information Dine has collected and disclosed within the last 12 months, where “Personal Information” (“PI”) has the definition set forth in the CCPA, as amended by the CPRA:

Category of PI

Collected

Category of Source from which PI is Collected

Purpose of Collection

Third Parties to whom PI is Disclosed for a Business Purpose

Third Parties to whom PI is Sold or Shared

Retention Period

Identifiers.

Yes.

Directly from you.

To provide our services to you, including our loyalty programs; to enable access to our Sites.

Service Providers.

We do not sell this category of PI. We share this category of PI with third parties for purposes of cross-context behavioral advertising.

We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.

PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Yes.

Directly from you.

To process orders or other transactions made on our Sites.

Service Providers.

We do not sell or share this category of PI.

We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.

Protected classification characteristics under California or federal law.

Yes.

Directly from you.

To provide you our services, including our loyalty programs.

Service Providers.

We do not sell or share this category of PI.

1 year from the date of your last interaction with us.

Commercial information.

Yes.

Directly from you.

To market our services to you and tailor offers to your interests.

Service Providers.

We do not sell or share this category of PI.

1 year from the date of your last interaction with us.

Biometric information.

No.

N/A.

N/A.

N/A.

N/A.

N/A.

Internet or other similar network activity.

Yes.

Cookies and other tracking technologies.

To conduct data analytics.

Service Providers.

We do not sell this category of PI. However, we share this category of PI with third parties for purposes of cross-context behavioral advertising.

Varies depending on the website and the type of cookie collecting this PI, but generally no more than 2 years. One exception is a cookie associated with the Sitecore Content Management System, used for web analytics to identify repeat visits by unique users, that has a lifespan of 10 years.

Geolocation data.

Yes.

Cookies and other tracking technologies.

To provide you with location-specific services, such as showing nearby restaurants in our Sites.

None.

We do not sell or share this category of PI.

1 year from the date of your last interaction with us

Sensory data.

Yes.

Directly from you when you visit our Facilities.

To manage risk and protect our Facilities.

None.

We do not sell or share this category of PI

60 days from the date of your last visit.

Professional or employment-related information.

No.

N/A.

N/A.

N/A.

N/A.

N/A.

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).

No.

N/A.

N/A.

N/A.

N/A.

N/A.

Inferences drawn from other PI.

Yes.

Directly from you.

To market our services and tailor offers to your interests.

None.

We do not sell or share this category of PI.

1 year from the date of your last interaction with us.

Sensitive PI.

Yes.

Directly from you.

To market our services and tailor offers to your interests.

Service Providers.

We do not sell or share this category of PI.

1 year from the date of your last interaction with us.

14.2 CCPA/CPRA Rights

If you are a California resident, you have the following rights:

Privacy Right

Description

Notice

The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.

Access

The right to request the categories of Personal Information we have collected about you; the categories of sources from which the Personal Information was collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of third parties to whom we disclosed Personal Information to; and the specific pieces of Personal Information we have collected about you in the twelve (12) months preceding your request for your Personal Information.

Deletion

The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.

Correction

You have the right to request that we correct any incorrect Personal Information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your Personal Information from our records, unless an exception applies. We may deny your correction request if (a) we believe the Personal Information we maintain about you is accurate; (b) correcting the Personal Information would be impossible or involve disproportionately burdensome efforts; or (c) if the request conflicts with our legal obligations.

Automated Decision Making

You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. Dine uses an application programming interface to make menu item suggestions to consumers who order on our Sites based on the guest’s online interactions and purchase history. As currently defined by the CCPA, as amended by the CPRA, Dine does not believe this functionality qualifies as automated decision-making but will await further guidance from the California Privacy Protection Agency.

To Opt Out of Sales or Sharing of Personal Information

You have the right to opt out of the “sharing” or “selling” of your Personal Information as those terms are defined by the CCPA, as amended by the CPRA. Dine does not sell your Personal Information. In order to opt out of our “sharing” of your Personal Information, you may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). Dine Brands honors Opt-Out Preference Signals, including GPC.

If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use. Additionally, you can exercise your rights by clicking the “Do Not Share My Personal Information” link in the cookie banner presented to you when you first visit our Sites.

Limit Use of Sensitive Personal Information

Dine does not use or disclose Sensitive Personal Information other than to provide our services reasonably expected by you. However, if we used or disclosed Sensitive Personal Information for other purposes, you would have the right to opt out.

14.3 CCPA/CPRA Verifiable Consumer Request

To submit a request, please contact us at (866) 926-5019, or complete the privacy web form located here. You may only make a request to exercise your rights on behalf of yourself. You also have a right to submit requests to exercise your rights under the CCPA, as amended by the CPRA through an authorized agent. An authorized agent must be registered with the Secretary of State in California to conduct business in California. If you choose to use an authorized agent, you may be required to: (a) provide signed permission to that authorized agent to submit requests on your behalf, (b) verify your identity directly with Dine, and (c) directly confirm with Dine that you granted permission to the authorized agent to submit the request on your behalf. For clarity, you are required to verify the identity of both yourself and the authorized agent.

If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. To verify your identity when you submit or your authorized agent submits a request, we will match the identifying information you provide us to the Personal Information we have about you. If you have an account with us, we will also verify your identity through our existing authentication practices for your account. Once we receive your request, we will notify you of receipt within 10 days and promptly take steps to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period as permitted by the CCPA, as amended by the CPRA. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request.

We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.

14.4 Non-Discrimination

We will not discriminate against you in the event you exercise any of the aforementioned rights under the CCPA, as amended by the CPRA, including, but not limited to, by:

14.5 Accessibility

This Privacy Policy is available to consumers with disabilities. To access this Notice in an alternative downloadable format, please click here.

15.0 Notice of Financial Incentive

If you sign up for our Applebee’s, IHOP, or Fuzzy’s loyalty programs, you will receive credit for each dollar spent at participating restaurants, which can be redeemed for reward items or free food.

When you sign up for the Applebee’s loyalty program at https://www.applebees.com/en/sign-up, we will ask you to submit the following personal information:

When you sign up for the IHOP loyalty program (International Bank of Pancakes) at https://www.ihop.com/rewards, we will ask you to submit the following personal information:

When you sign up for the Fuzzy’s loyalty program at https://fuzzystacoshop.com/rewards/, we will ask you to submit the following personal information:

Please be aware that you may withdraw from the loyalty programs at any time by e-mailing us at privacydesk@dinebrands.com or calling (866) 926-5019.

16.0 Children’s Information

Our Sites are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Sites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Sites or on or through any of its features, including your name, address, telephone number, e-mail address, or any username you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacydesk@dinebrands.com.

17.0 Changes to Our Privacy Policy

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users’ personal information, we may notify you by e-mail to the primary e-mail address specified in your account and/or possibly through a notice on our Sites’ home pages. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you and for periodically visiting our Sites and this Privacy Policy to check for any changes.

18.0 Contacting Us

For any questions, or to request further information regarding this Privacy Policy, please contact us at privacydesk@dinebrands.com. You may also call (866) 926-5019 for telephonic assistance.