Last updated: 10th August 2022
Premier Restaurants Malta Limited (“Premier Restaurants”, “we” or “us”) which controls and operates from its address at Ninteneen Twenty Three,Valletta Road, Marsa, MRS 3000 Malta, is committed to protecting and respecting your privacy.
The data controller of your personal information is Premier Restaurants Malta Limited with registered seat at Nineteen Twenty Three, Valletta Road, Marsa, MRS 3000, Malta.
We will process your data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act, Chapter 586 of the Laws of Malta, and its subsidiary legislation.
Your personal information is processed on the basis of your consent (Art. 6(1)(a) GDPR).
We may collect personal information about you when you use the MCDONALD’S APP (the “App”). The information we collect falls into three categories: (a) information you provide us; (b) information we collect through automated methods, and (c) information we collect from other sources.
Generally, the provision of your personal information is voluntary. However, there may be situations where the provision of your personal information is necessary to provide a service or is required by law. Please note that in certain cases, we may be unable to provide you with our services unless you provide the information. We will let you know when the providing of your personal information is necessary.
We may combine the information you provide us, with information that is collected through automated methods, and with information we receive from other sources.
You may provide us the following information:
- personal details, such as your name, email address, phone number, date of birth (optional) and gender (optional), when you register with the App, enter one of our competitions, or contact us by phone or through our App;
- transaction information, including information about the products you buy, ;
- information relating to the loyalty scheme, your loyalty points and preferences and the way you redeem offers and loyalty points;
- account information, such as your username or password (or anything else that identifies you) used to access our App or to buy or use our products and services;
- profile information, including products and services you like, or times you prefer to visit us or the frequency you use the services; and
- other personal information you choose to provide us when you interact with us.
We collect information through automated methods. We may use automated technology to collect information from your mobile device when you use our App.
We may collect information about your:
- internet protocol (IP) address;
- date and time of access of our App;
- name and URL of the file retrieved when you use our App;
- mobile-device operating system;
- type of mobile device and its settings;
- unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
- device and component serial numbers;
- advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;
- referring website (a site that has led you to ours) or application;
- communications to us or regarding us on social media;
- activity related to how you use our App, such as the sections you visit in our App;
- the way you redeem points collected through your participation in any rewards program; and
- the offers and any rewards program which you may choose to participate in using our App.
Our online services and in-restaurant technology may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity. For most mobile devices and computer systems, you will be requested to give your permission for McDonald’s to process this information. You are able to withdraw your permission for us to collect this information by using the device or web-browser settings. If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider. Some online services and in-restaurant technology may not work properly without information about your location. If you would like us to delete information we have collected which could identify your location, please contact using the contact information provided below. By law, we may need to keep certain information.
We collect information from other sources
We may collect information about you from other companies and organizations, including public databases, social media platforms, or third-party partners such as analytics or marketing providers. We may also collect information that is publicly available. For example, we may collect public profile information about you when you interact with us through social media. We may also hold onto your communications to us or regarding us on social media.
We may combine the information you provide us, with information that is collected through automated methods, and with information we receive from other sources.
We may use the information we collect in the following ways
To provide our services through the App:
- provide you our App;
- communicate with you about your orders, purchases or accounts with us, requests, questions and comments;
- provide customer support, including to process any concerns about our App.
- communicate with you about your account
- handle requests, questions, and comments
- redeem the offers you choose each time;
- manage your participation in any rewards program, meaning the collection of points and their redemption;
To market to you, improve our services through the App, and the following:
- tell you about our products and services, competitions, offers, promotions or special events that we believe may interest you (if you give us permission to do so);
- communicate with you about your offers and rewards programs, requests, questions, and comments;
- personalize your experience on our App;
- manage our business, including developing new products and services, conducting consumer and operations research, and assessing the effectiveness of our sales, marketing, and advertising;
- use analytics and profiling technology to personalize your experience, deliver content (including advertising) tailored to your interests and how you use our App, manage our business, help diagnose technical and service issues, administer our App, identify users of our online services, identify a device for fraud prevention purposes, gather demographic information about our customers, and determine usage patterns of our services;
- ensure the security of our networks and systems;
- maintain, manage, and improve our products, offers, promotions, reward programs, the App and other technology;
To comply with applicable law:
- protect against, identify and prevent fraud and other crime, claims and other liabilities;
- comply with legal obligations and our policies;
- establish, exercise or defend a legal claim; and
- monitor and report compliance issues.
With your consent (where required by applicable law), we may use the information we collect for the following purposes:
- to send you e-mails, or push notifications or about our products and services, competitions, offers, promotions or special events that we believe may interest you; and
- provide location-based services.
We may use the information we collect about you in other ways, which we will tell you about upon collection or for which we will seek your consent.
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we want to earn your trust and confidence. We will only share your information as described in this privacy statement.
However, we share your data with the following categories of companies as an essential part of being able to provide our services to you, as set out in this statement:
- Companies in the Premier Restaurants Malta Ltd. group to which www.mcdonalds.com.mt belongs, as sometimes different entities of our group are responsible for different activities (especially licensed ones); This includes Premier Restaurants Malta Ltd. – related entities and members of the Hili Ventures Ltd. (our mother group). Related entities and subsidiaries use the information collected to help us improve the content and functionality of our App; to better understand our customers and markets; and to improve our products and services. Members of the group vary from time to time.
- Professional service providers, such as marketing agencies, advertising partners and website hosts who service us in turn to operate our business. We have partnered up with Plexure for the creation and maintenance of the App.
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
- We may share your personal information with suppliers who help to protect you and McDonald’s from fraud. One such supplier is Sift Science, Inc. (‘Sift’) who uses the information as a controller for the benefit of McDonald’s and others in accordance with its privacy notice located at https://sift.com/service-privacy. To exercise your rights in relation to Sift’s processing of your personal data, please contact Sift directly as set out in Part VI (How to contact us) of Sift’s privacy notice.
- Other companies that you may approve, such as social media sites (if you choose to link your accounts to us) or payment service providers.
In most circumstances we will not disclose personal data without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.
When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended – again, we don’t want you to have any surprises.
We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you.
We have the right to use or share information as necessary to keep to any law, regulation or legal request, to protect our App and in-restaurant technology, to bring or defend legal claims, to protect the rights, interests, safety and security of our organization, our employees or franchisees, or members of the public, or in connection with investigating fraud or other crime, or violations of our policies.
If you have agreed to receive marketing communications from us, you can later opt out by following the opt-out instructions in the marketing communications we send you. You can also generally find your communication preferences with instructions on how to opt out in the profile section of the App. You may also have the ability to change your communication preferences using your device settings. You can also opt out by contacting us by using the contact details in the “How to contact us” section below.
If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered.
We do not share personal information with third parties for their own direct marketing purposes.
We keep your information for the length of time needed to carry out the purposes outlined in this privacy statement and to adhere to our policies on keeping records (unless a longer period is needed by law). If you stop using the App, we will retain your personal data for a period of one (1) year from the last transaction. When this period is going to elapse, you will be notified that we will be deleting your account and personal data due to your inactivity.
You are in control of any personal information you provide to us through our App. If at any time, you would like to correct the personal information we have about you, please contact us, using the contact details provided in the “How to contact us” section below.
We, and our vendors who provide services to us, use technologies on our App to collect information and provide you with the services.
For example, we may use certain technologies to:
- uniquely identify you or your device;
- allow you to access and use our App, where without them, our App may not work properly;
- further system security where appropriate;
- statistical purposes, in order to measure use of our App;
- improve our products and services;
- help us monitor the performance (e.g., traffic, errors, page load time, popular sections, etc.) of our App;
- remember you, for your convenience, when you visit our App;
- to determine how you use the content in the App or the frequency you redeem offers and rewards provided through the App
- help customize your experience;
- to market to you through targeted advertising through the App; and
- for other purposes described in the section of this privacy statement titled, “How we use the information we collect.”
We may also have providers of other apps, tools, widgets and plug-ins on our App, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own policies.
We keep your information for the length of time needed to carry out the purposes outlined in this privacy statement and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this statement.
Your personal information that we collect may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) as part of the processing described in this privacy statement. As mentioned above, we also subcontract processing to, or share your personal information with Plexure, which is located outside the EEA, in New Zealand.
Even though New Zealand is located outside the EEA, it has been deemed by the European Commission to be a country offering adequate protection of personal data. This means that the standard of data protection in this country is equal to that of the EU/EEA and your personal data is therefore being protected in the same way as if it were being processed within the EEA. If you have any questions about the safeguards we use when transferring your personal information internationally, please contact us using the contact information provided in the “How to contact us” section below.
If we ever have to share data with any other entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.
We are committed to taking appropriate measures designed to keep your personal information secure. Security of your personal data is very important to us. Our technical, administrative and physical procedures are designed to protect personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction.
You may complete a registration process when you sign up to use parts of the App. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.
Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.
Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS. You may also use Multi Factor Authentication to sign into the App. This is an additional security measure we have enabled so as to protect your personal data.
We do our best to keep the information you disclose to us secure. While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.
In connection with your personal information rights, you may request the following:
- Where processing your personal information is based on your consent you may withdraw this consent at any time; the withdrawal of the consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- Request access to your personal information and obtain a copy of it;
- Obtain your personal information in a structured, commonly used and machine-readable format and request us to transmit it directly to another company in cases you provided us with your personal information and it is processed based on your prior consent, or required for the performance of a contract;
- Have your personal information corrected when it is inaccurate or incomplete;
- Have your personal information erased, including any links to, copy or replication of such information, as permitted under applicable law; for instance, when your information is outdated, not necessary or unlawful or when you withdraw your consent to our processing based on such consent, or when you successfully object to our processing;
- Obtain the restriction of the processing while we are processing your request or challenge pertaining to the accuracy of your personal information or the lawfulness of the processing of your personal information and our legitimate interests to process this information, or if you need the personal information for litigation purposes.
You may exercise these rights free of charge unless the request is unfounded or excessive, for instance because it is repetitive.
For the exercise of your rights, please contact us using the contact details provided in the “How to contact us” section below. In some situations, we may refuse to act or may impose limitations on your rights, as permitted by applicable law. Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request.
In all cases, you have a right to file a complaint with the Information and Data Protection Commissioner (IDPC), which is the supervisory authority for data protection in Malta, should you deem it necessary to do so.
This privacy statement is in effect as of the date noted at the top of the statement. We may change this privacy statement from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement. We will notify you should we make changes to this statement. You can also check here regularly for the most up-to-date version of the statement.
We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.
Premier Restaurants Malta Limited
Premier Restaurants Malta Ltd.
Nineteen Twenty Three,
Marsa, Malta MRS 3000
We have appointed a Data Protection Officer who may be contacted here: [email protected]