Effective Date: January 1, 2020
Last Updated: April 22, 2021
In this Policy, the terms “Shake Shack,” “we,” and “us” refer to Shake Shack Enterprises, LLC and its wholly owned and operated locations. This Policy does not apply to information collected by Shake Shack licensees, which maintain their own privacy policies and procedures.
By using any of the Services, you consent to the terms of this Policy.
The Personal Information Shake Shack Collects and How We Use It
In connection with your interactions with us through the Services, we may collect personal information from you or from other sources. This information may be information that you directly provide to us, such as information that you provide when you visit the Services, or information that is passively or automatically collected from you, such as information collected from your browser or device. The personal information we collect may identify you directly (e.g., your name). We also collect certain information that does not identify you directly, but in certain circumstances could allow you to be identified indirectly (e.g. certain technical data associated with devices that you use to interact with the Services).
For California residents only, please see the section below entitled “California Residents.” In that section we provide additional detail on our collection and use of personal information as that term is defined in California law.
In some instances, Shake Shack may also collect information from third party sources, upon whom we rely to provide the Services. We use both business partners and service providers, such as payment processors and analytics providers, to perform services on our behalf. Some of these partners may have access to information about you that we may or may not otherwise have (for example, where you sign up directly with that provider) and may share some or all of this information with us. We may use this information to administer and improve the Services and to conduct marketing and advertising campaigns.
In response to public health guidance or mandates from government authorities, we may collect health data from our guests as we deem appropriate to provide a safe space for them and our employees.
How We Share and Disclose Information
Shake Shack only shares personal information with affiliated companies, as well as business partners and service providers whom we rely on to help us provide better service to you. These companies need information about you to perform their service function (such as to process and fulfill your order, verify your credit card information, and to protect you from fraud). We also share information with specially chosen companies that help us with marketing functions (such as to manage our Internet business and to maintain and manage our customer information, as well as to market our products and services). We may engage vendors to serve advertisements on our behalf across the Internet and to provide analytics services. These vendors may collect certain technical or other information from you (e.g. clickstream information, browser type, time and date, hardware/software information, cookie ID, IP address, etc.) when you visit our Website or Mobile App, and may use that information to provide advertisements about goods and services that are deemed to be of greater interest to you.
We may also share your information for any other purpose as disclosed at the time of collection, or when we have otherwise obtained consent. Please note that this Policy is not intended to limit our ability to share or disclose aggregated, pseudonymized, or anonymized data. Shake Shack also reserves the right to use or disclose information as needed to satisfy any law, regulation or legal request, to fulfill your requests, to cooperate in any law enforcement or similar investigation, or to conduct any internal investigation or similar function we deem appropriate to protect our business.
How We Protect Your Information
Shake Shack uses technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. Examples of our safeguards include firewalls, data encryption, physical access controls, and administrative informational controls. When you transmit sensitive information through the Website or in the Mobile App, we encrypt the transmission of that information using the Secure Sockets Layer (SSL) protocol. No system or network can be guaranteed to be 100% secure. As a result, we recommend that you help us keep your information safe by taking reasonable steps such as keeping your passwords private, changing them from time to time, and not disclosing personal data in places that can be accessed publicly.
We retain your information only for as long as is necessary to provide the Services and to fulfill the transactions you have requested, or for other necessary purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.
“Cookies” and Advertisers
The Website and the Mobile App server, or the servers of companies that are used to operate the Website and the Mobile App, may place “cookies” on your computer or device, store data in your computer browser or access features on your mobile device in order to allow you to use the Website and the Mobile App and to personalize your experience. A “cookie” is a small piece of data that can be sent by a web server to your computer, which then may be stored by your browser on your computer or device. Cookies and browser storage allow us to recognize your computer or device while you are on our Website and the Mobile App and help customize your online experience and make it more convenient for you. Cookies and browser storage are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between sessions. The information collected from cookies and browser storage may also be used to improve the functionality of the websites and applications.
Most web browser applications (such as Microsoft Internet Explorer, Google Chrome, Firefox and Apple Safari) have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies or other device tracking features, however, you may not be able to use certain functions of the Website or the Mobile App.
Links to Other Sites
In some areas of the Website or the Mobile App, we may provide a link to another website. Other websites, including social media sites, have their own policies regarding privacy and security, and these may vary from ours.
The Services are directed toward and designed for use by persons aged 13 or older. Shake Shack will not approve applications of, or establish or maintain registrations for any child who Shake Shack knows to be under the age of 13. Shake Shack does not solicit or knowingly collect personally identifiable information from children under the age of 13. If Shake Shack nevertheless discovers that it has received personally identifiable information from an individual who indicates that he or she is, or whom Shake Shack otherwise has reason to believe is, under the age of 13, Shake Shack will delete such information from its systems. Additionally, a child’s parent or legal guardian may request that the child’s information be corrected or deleted from our files by requesting this via our Contact Us page.
If you have reason to believe that child under the age of 13 has provided personal data to us without parental consent, please contact us using any of the methods described in the “Contact Us” section of this Policy, and we will endeavor to delete that data from our systems.
This section supplements our Policy with additional information for California residents only. The California Consumer Privacy Act (“CCPA”) provides specific protections and rules with respect to California’s own definition of “Personal Information,” which includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal Information includes any health data that we may collect in response to public health guidance or mandates from government authorities. As noted above, we collect information that you provide directly when you register for or use the Services, user credentials that you supply directly when you register for or update your login information to use the Services, demographic data, payment data, device data, usage data, location data, information about your interests and preferences, third party integrations, and other third party data. The below chart provides additional detail on the categories of Personal Information we collect and the purposes for which we use Personal Information, as to both our guests, our shareholders, and our employees.
|Categories of Personal Information Collected||Business Purposes for Collection|
|Personal Identifiers (e.g., name, email address, and date of birth)||
|Other personal information (e.g., driver’s license, credit card number, health insurance information)||
|Demographic information (e.g., gender, familial status, and citizenship status)||
|Commercial information (e.g., purchasing activity)||
|Biometric information (e.g., eye color)||
|Internet or other electronic activity information (e.g., clickstream data and information regarding interaction with a web site)||
|Geolocation data (e.g., mobile device location)||
|Audio, electronic, or visual information (e.g., photographs)||
|Professional or employment-related information (e.g., employment history, educational information)||
|Customer order information (e.g., order number)||
|Inferences drawn from personal information (e.g., preferences)||
|Employee tax-related information (e.g., garnishments and tax remittance)||
|· Other shareholder information (e.g., voting records)||
|· Miscellaneous categories of consumer information (e.g., household income, dietary habits, allergies)||
In accordance with the CCPA, California residents have the right to request that we disclose the following information about our collection and use of “Personal Information,” over the twelve months prior to your requests:
- The categories of Personal Information we collect about you.
- The categories of sources for the Personal Information we collect about you.
- Our business or commercial purpose for collecting, selling or sharing that Personal Information.
- The specific pieces of Personal Information collected about you.
- If we disclosed your Personal Information for a business purpose, a list of the categories of Personal Information we have disclosed in the prior twelve months.
- If we sold or shared your Personal Information for a business purpose, a list of the categories of Personal Information we have sold or shared in the prior twelve months.
You also have the right to request that we delete or correct any of your Personal Information. In some circumstances we may not be able to honor your request for deletion or correction – for example, if we need to hold on to your information to protect the security or functionality of our operations, to service your account, or to comply with legal obligations.
To ask for a record of the information we hold about you, or to ask us to delete your information, please visit this link, email us at [email protected], or call us at (844) 766-8973. You must provide enough information that we can verify who you are and that you are a California resident. We will only use personal information provided in a request to verify the requester’s identity and their authority to make the request.
You also have the right to direct us not to sell your personal information at any time. To opt out of the sale or sharing of your personal information, you may submit a request to us by visiting this link. Alternatively, you can click here: https://privacyportal.onetrust.com/webform/b3a9f5b0-b5f6-4102-abbf-d87d74e3e6b9/cac2ba7b-1c93-45d7-99d9-47090e5928f1
We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against your for exercising your rights under the CCPA.
Non-U.S. Visitors’ Rights
Shake Shack’s business is directed to United States customers Non-U.S. persons, including persons visiting our U.S.-based physical or digital locations from other countries, should be aware that in visiting us you are agreeing to be subject to U.S. privacy law rather than the laws of your home country.
This Policy went into effect, and was last revised, on the dates noted at the top of this webpage. We may update this Policy from time to time. If we make material changes, we will post the updated Policy on this page and change the date at the top of this webpage. We encourage you to look for updates and changes to this Policy periodically. Your continued use of the Services after any changes to this Policy are in effect constitutes your acceptance of revisions to the Policy.
We welcome your questions, comments, and concerns about privacy. You can contact Shake Shack Customer Service online at https://www.shakeshack.com/contact/; by email at [email protected]; or by postal mail at: Shake Shack Enterprises, LLC, 225 Varick Street, New York, NY 10014.