Last Updated/Effective Date: July 1, 2023
Your privacy is important to us. Dine Brands Global, Inc. understands your concerns regarding how information about you is used and shared, and we appreciate that you trust us to use and share information about you carefully and sensibly.
2.0 How Do We Collect Your Information?
Dine collects information relating to you and your use of the Sites or Facilities to provide services and features that are responsive to your needs. Dine collects personal information in the following ways:
- From our franchisees. We may receive information about you from our Applebee’s, Fuzzy’s, and IHOP franchisees, including information that you provide onsite at our franchisee restaurants.
- From our apps. We may collect information from your mobile device when our apps are installed on your mobile device, or you provide your information to us via the apps.
- From other third-party sources. We may receive information about you from our third-party service providers who help us to provide services to you, including our Sites and social media providers.
- Automatically as you navigate the websites and apps. Information collected automatically may include usage details, email address, IP addresses, and information collected through cookies and other tracking technologies.
3.0 What Information Do We Collect?
3.1 Information You Provide to Us
We may collect the following information about you including, but not limited to:
- First and last name
- Postal address and/or zip code
- Email address
- Phone number
- Date of birth
- Military or veteran status
- External social network credentials
- Credit card or other payment information
- Mobile app and/or website log-in credentials
- Location data
- Surveillance data
- Demographic information
- Dining preferences
- Who you typically dine with (e.g.,family and friends)
- When you normally visit our restaurant locations (e.g.,breakfast, lunch, and dinner)
- How often you visit our restaurant locations
- Feedback and/or guest relations data
3.2 Information We and Our Third-Party Service Providers Collect
When you use our Sites, we and our third-party service providers automatically collect information about how you access and use the Sites and information about the device you use to access the Sites. We typically collect this information through a variety of tools including cookies, web beacons, pixels, social media widgets, other tools to enable data recording and indexing, and similar technology (collectively, “tracking technologies”). We and our third-party partners may automatically collect information such as:
- IP or MAC address
- Device type
- Unique device identifier (UDID)/other device identifier (IMEI)
- Browser type
- Operating system or platform
- Name of Internet Service Provider (ISP)
- Referring website
- Exiting website
- Clickstream data
- Search terms entered on the websites(s)
- Pages visited on the website(s)
- Time, date, and duration of visit to the website(s)
- Whether you open emails from us
- Links you click on in our emails and on our Sites including ads
- Whether you access our Sites from multiple devices
- Other interactions you may have on our Sites
- Location/geo-location (e.g., latitude/longitude, Wi-Fi/cell tower location, etc.)
4.0 How Do We Use Your Personal Information?
We process personal information to provide services to you and additional services you request, as well as to respond to communications from you. The precise purposes for which your personal information is processed will be determined by the request and by applicable laws, regulatory guidance, and professional standards.
We use information we collect from you and information that we collect automatically to manage and improve our Sites and our business. We take steps to ensure that your rights are safeguarded. For example, we use information to:
- To provide services to you.
- To provide our Sites and their functionalities to you.
- To provide you with location-specific services. If you elect to share your location information with us, we may use that information to tailor options, functionalities, or offers related to your location.
- To market our own services to you. If you join our rewards programs and other special marketing campaigns, we may use your personal information including demographic information, birthday, personal preferences, purchase history, franchise locations you visit, and information about you from third-party sources—including your location information and online browsing across time and third-party sites—to send you real time, geographically relevant, and personalized offers, services, and promotions for our brands, affiliates, or third-party partners.
- To conduct data analytics to support our Sites and business.
- To manage our business needs, such as monitoring, analyzing, and improving the services and the Sites’ performance and functionality. For example, we analyze website user behavior and conduct research and analysis about the way you and other users use our Sites.
- To manage risk and protect the Sites and Facilities. We use data to better protect our services, our Sites, our Facilities, and you by helping to detect and prevent fraud and abuse.
- Tailor our offerings to your apparent interests.
- To operate and improve our business.
- To maintain our records.
- Conduct internal monitoring and training.
- Develop new services and products.
- Conduct processing necessary to fulfill other contractual obligations for you.
- To comply with our legal and regulatory obligations. We will use your information as necessary to enforce the terms of our Sites and services to comply with all applicable laws and regulations.
- For other purposes for which you provide your consent. For other purposes which are disclosed to you at the time your information is collected or for purposes which can be inferred from or are obvious given the circumstances of collection.
Sometimes we may de-identify information by removing identifiers that can be used to associate the information with you. De-identified information helps us develop reports and analyses about how our customers use our Sites and for other purposes such as research regarding behavioral inferences. To further protect your privacy, de-identified information does not include contact information or any other information that would identify any specific individual or household.
5.0 Do We Disclose Any Information to Outside Parties?
We do not sell your personal information to third parties, but we do share your personal information in the circumstances described below.
- The public and other companies. We may share de-identified information via reports and analyses publicly and with other companies.
- Our affiliates. We may share your personal information with our affiliates and between all Dine brands (including Applebee’s, IHOP, and Fuzzy’s) to serve you, including for the activities listed above.
- Our franchisees. We may share your personal information with Applebee’s, IHOP, and Fuzzy’s franchisees.
- Third-party service providers. We may disclose your personal information to our vendors and other third-party service providers, such as credit card processors and website hosts, that help us provide services, support features on our Sites or in franchise restaurants, or otherwise market our brands. We may also disclose aggregated, de-identified information, and analyses and reports derived from such information, to service providers, advertisers, merchants, consumer and market research companies, and other organizations. These service providers are responsible for their own compliance with data protection laws.
- Legal requirements and business transfers. We may disclose personal information: (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other government official requests; (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; (iii) in connection with an investigation of a complaint, security threat, or suspected or actual illegal activity; (iv) in connection with an internal audit; or (v) in the event that Dine is subject to mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, personal information may be shared, sold, or transferred, and it may be used subsequently by a third party.
6.0 What Choices Do You Have About Your Personal Information?
We offer certain choices about how we communicate with you and what personal information we obtain about you and share with others.
- Profile. If you have created a profile or account on our Sites, you can update your contact information after you log into your account.
- E-mail. If you no longer wish to receive promotional or informational emails from us, you may opt-out from receiving future emails from us by following the instructions for unsubscribing in the promotional or informational emails we send you or by contacting us at the email address or phone number below.
- Rewards programs and marketing campaigns. Your participation in our special rewards programs and other marketing campaigns is completely up to you, and if at any point you no longer wish to be a member or participate in these programs, you may opt out according to the instructions provided in the communication or by contacting us at [email protected].
- IHOP Text Messaging Mobile Program. If you have opted into a promotional text-based campaign, and no longer wish to receive SMS messages from IHOP, you may opt out from receiving future SMS messages from IHOP by texting STOP to 90536 or by contacting us at the email address or phone number below. Please note that even if you opt out of receiving future text-based or email marketing communications from us, we may still contact you about your account or any products or services you have purchased from us, engage with you in general advertising practices such as television or online ads, and respond to your inquiries or requests for information. To contact IHOP customer service, call (866) 444-5144 or email IHOP at https://www.ihop.com/en/contact-us.
- Do Not Track. Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track (“DNT”) signals, we do not respond to them at this time.
- Location data. You may opt out of having your location data collected by Dine at any time by editing the appropriate setting on your mobile device (which is usually located in the settings of your device) or by emailing [email protected].
7.0 Use and Disclosure of Non-Personal Information
Dine may collect, use, share, transfer, and otherwise process de-identified and aggregated information that it receives or creates for any purpose in its sole discretion, in compliance with applicable laws. Dine is the sole and exclusive owner of such de-identified and aggregated information, including if Dine de-identifies personal information so that it is no longer considered personal information under applicable laws.
8.0 Data Automatically Collected
Dine uses Google Analytics to process personal information about your use of our Sites. Google sets cookies on your browser or device, and then your web browser will automatically send information to Google. Google uses this information to provide us with reports that we use to better understand and measure how users interact with our Sites.
We use third parties and/or service providers to provide interest-based advertising services. These services may serve advertisements on our behalf that are customized based on predictions about your interests generated from your visits to websites (including our Sites) over time and across different websites. The data collected may be associated with your personal information. These advertisements may appear on our Sites and on other websites and may be sent to you via email.
To change your preferences with respect to certain online ads or obtain more information about ad networks and online behavioral advertising, visit National Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads. Opting out of targeted advertising does not opt you out of all ads, just those targeted to you.
9.0 Social Media
We are active on social media including, but not limited to, Facebook, YouTube, Twitter, Instagram, and LinkedIn (“Social Media”). Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Sites and our Social Media pages any comments or content that you post on our Social Media pages.
10.0 Location of Our Sites
Our Sites are hosted and operated in the United States. However, we and our service providers may store information about individuals in the United States, or we may transfer it to, and store it within, other countries.
Visitors from jurisdictions outside the United States visit us at their own choice and risk. If you are not a resident of the United States, you acknowledge and agree that we may collect and use your personal information outside your home jurisdiction and that we may store your personal information in the United States or elsewhere. Please note that the level of legal protection provided in the United States from which you may access our Sites may not be as stringent as that under privacy standards or the privacy laws of other countries, possibly including your home jurisdiction.
11.0 How Long Do We Retain Your Personal Information?
12.0 Third-Party Links
Occasionally, at our discretion, we may include or offer third-party products or services on our apps. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.
13.0 How Do We Protect Your Information?
Dine has implemented reasonable physical, technical, and administrative security standards to protect personal information from loss, misuse, alteration, or destruction. We strive to protect your personal information against unauthorized access, use, or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.
14.0 California Privacy Notice
Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of personal information to third parties for the third parties’ direct marketing purposes, if any.
To make such a request, send an email with the subject heading “California Privacy Rights” to [email protected]. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by these California privacy rights requirements, and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year. Please note that separate requests related to the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), shall be submitted as described below.
14.1 CCPA/CPRA Notice
Pursuant to applicable California law, including the CCPA as amended by the CPRA, Dine makes the following disclosures regarding the Personal Information Dine has collected and disclosed within the last 12 months, where “Personal Information” (“PI”) has the definition set forth in the CCPA as amended by the CPRA:
|Category of PI||Collected||Category of Source from which PI is Collected||Purpose of Collection||Third Parties to whom PI is Disclosed for a Business Purpose||Third Parties to whom PI is Sold or Shared||Retention Period|
|Identifiers.||Yes.||Directly from you.||To provide our services to you, including our loyalty programs; to enable access to our Sites.||Service Providers.||We do not sell this category of PI. We share this category of PI with third parties for purposes of cross-context behavioral advertising.||We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.|
|PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Yes.||Directly from you.||To process orders or other transaction made on our Sites.||Service Providers.||We do not sell or share this category of PI.||We mostly retain this category of PI for 1 year from the date of your last interaction with us. However, in certain limited circumstances, such as to maintain records of guest relations issues, we retain this category of PI for up to 6 years.|
|Protected classification characteristics under California or federal law.||Yes.||Directly from you.||To provide you our services, including our loyalty programs.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Commercial information.||Yes.||Directly from you.||To market our services to you and tailor offers to your interests.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Internet or other similar network activity.||Yes.||Cookies and other tracking technologies.||To conduct data analytics.||Service Providers.||We do not sell this category of PI. However, we share this category of PI with third parties for purposes of cross-context behavioral advertising.||Varies depending on the website and the type of cookie collecting this PI, but generally no more than 2 years. One exception is a cookie associated with the Sitecore Content Management System, used for web analytics to identify repeat visits by unique users, that has a lifespan of 10 years.|
|Geolocation data.||Yes.||Cookies and other tracking technologies.||To provide you with location-specific services, such as showing nearby restaurants in our Sites.||None.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us|
|Professional or employment-related information.||No.||N/A.||N/A.||N/A.||N/A.||N/A.|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).||No.||N/A.||N/A.||N/A.||N/A.||N/A.|
|Inferences drawn from other PI.||Yes.||Directly from you.||To market our services and tailor offers to your interests.||None.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
|Sensitive PI.||Yes.||Directly from you.||To market our services and tailor offers to your interests.||Service Providers.||We do not sell or share this category of PI.||1 year from the date of your last interaction with us.|
14.2 CCPA/CPRA Rights
If you are a California resident, you have the following rights:
|Notice||The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.|
|Access||The right to request the categories of Personal Information we have collected about you; the categories of sources from which the Personal Information was collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of third parties to whom we disclosed Personal Information to; and the specific pieces of Personal Information we have collected about you in the twelve (12) months preceding your request for your Personal Information.|
|Deletion||The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.|
|Correction||You have the right to request that we correct any incorrect Personal Information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your Personal Information from our records, unless an exception applies. We may deny your correction request if (a) we believe the Personal Information we maintain about you is accurate; (b) correcting the Personal Information would be impossible or involve disproportionately burdensome efforts; or (c) if the request conflicts with our legal obligations.|
|Automated Decision Making||You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. Dine uses an application programming interface to make menu item suggestions to consumers who order on our Sites based on the guest’s online interactions and purchase history. As currently defined by the CCPA, as amended by the CPRA, Dine does not believe this functionality qualifies as automated decision-making but will await further guidance from the California Privacy Protection Agency.|
|To Opt Out of Sales or Sharing of Personal Information||
You have the right to opt out of the “sharing” or “selling” of your Personal Information as those terms are defined by the CCPA, as amended by the CPRA. Dine does not sell your Personal Information.In order to opt out of our “sharing” of your Personal Information, you may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). Dine Brands honors Opt-Out Preference Signals, including GPC.
If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use. Additionally, you can exercise your rights by clicking the “Do Not Share My Personal Information” link in the cookie banner presented to you when you first visit our Sites.
|Limit Use of Sensitive Personal Information||Dine does not use or disclose Sensitive Personal Information other than to provide our services reasonably expected by you. However, if we used or disclosed Sensitive Personal Information for other purposes, you would have the right to opt out.|
14.3 CCPA/CPRA Verifiable Consumer Request
To submit a request, please contact us at (866) 926-5019, or complete the privacy web form located here.You may only make a request to exercise your rights on behalf of yourself. You also have a right to submit requests to exercise your rights under the CCPA as amended by the CPRA through an authorized agent. An authorized agent must be registered with the Secretary of State in California to conduct business in California. If you choose to use an authorized agent, you may be required to: (a) provide signed permission to that authorized agent to submit requests on your behalf, (b) verify your identity directly with Dine, and (c) directly confirm with Dine that you granted permission to the authorized agent to submit the request on your behalf. For clarity, you are required to verify the identity of both yourself and the authorized agent.
If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. To verify your identity when you submit or your authorized agent submits a request, we will match the identifying information you provide us to the Personal Information we have about you. If you have an account with us, we will also verify your identity through our existing authentication practices for your account. Once we receive your request, we will notify you of receipt within 10 days and promptly take steps to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period as permitted by the CCPA, as amended by the CPRA. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request.
We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.
We will not discriminate against you in the event you exercise any of the aforementioned rights under the CCPA, as amended by the CPRA, including, but not limited to, by:
- denying goods or services to you;
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services to you; or
- suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
15.0 Notice of Financial Incentive
If you sign up for our Applebee’s, IHOP, or Fuzzy’s loyalty programs, you will receive credit for each dollar spent at participating restaurants, which can be redeemed for reward items or free food.
When you sign up for the Applebee’s loyalty program at https://www.applebees.com/en/sign-up, we will ask you to submit the following personal information:
- First and last name
- E-mail address
- Phone number (optional)
- Zip code
- Preferred Applebee’s location
- Veteran or active duty status (optional)
When you sign up for the IHOP loyalty program (International Bank of Pancakes) at https://www.ihop.com/rewards, we will ask you to submit the following personal information:
- E-mail address
- First and last name
- Zip code
- Preferred IHOP location
- Phone number (optional)
- Birthdate (optional)
When you sign up for the Fuzzy’s loyalty program at https://fuzzystacoshop.com/rewards/, we will ask you to submit the following personal information:
- Phone number
- First and last name
- Zip code
- Favorite location
Please be aware that you may withdraw from the loyalty programs at any time by e-mailing us at [email protected] or calling (866) 926-5019.
16.0 Children’s Information
Our Sites are not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Sites. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Sites or on or through any of its features, including your name, address, telephone number, e-mail address, or any username you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].
18.0 Contacting Us