MDP FRANCHISING, LLC.
Milford, Connecticut, USA
TABLE OF CONTENTS
- Privacy Statement
- Consent to International Data Transfers
- Consent to Electronic Notice If There is a Security Breach
- Our Use of Your Personal Information and Type of Information We May Collect
- Personal Information That We Collect That You Provide Us
- Internet Users – Cookies, Internet Protocol (IP) Address, Aggregate Information
- Children and Data Collection
- Collection and Use of Employee Personal Information
- Verifications of Employment
- Medical Information
- Collection and Use of MDP Franchisee and Prospective Franchisee Information
- Collection and Use of MDP Development Agent Information
- Mobile Information
- Mobile Marketing Promotions and Advertising
- Forward-to-a-Friend and Refer-a-Friend
- Opt-Out of Email Updates
- Sharing of Personal Information
- Storage, Retention and Accuracy of Personal Information
- Access, Control and Update Personal Information About You
- Contact Information
- Links to Non-MDP Websites and Third Parties
- Social Media and Online Engagement
- Your California Privacy Rights
- Safe Harbor Compliance
- Members of the European Union
- Terms and Conditions of Website Use
1. Privacy Statement
- The European Union Data Protection Directive and the U.S. Department of Commerce Safe Harbor Program Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
- Fair information practices established by the Organization for Economic Co-operation and Development (OECD).
- The Asia Pacific Economic Cooperation forum (APEC) Privacy Framework.
Franchise Brands, LLC, is the owner of MAMA DELUCA’S® Restaurant System. Franchise World Headquarters, LLC, (“FWH”) is an affiliate of and service provider to MAMA DELUCA’S® which provides its affiliates with certain services, including but not limited to franchise marketing, franchisee training, and accounting services.
3. Consent to Share and Disclose Information, Including International Data Transfers
4. Consent to Electronic Notice if there is a Security Breach
If MDP or a Recipient is required to provide notice of unauthorized access of certain security systems, you agree that MDP, or the Recipient, may do so when required or voluntarily by posting notice on the Website or sending notice to any email address MDP or the Recipient has for you, in the good faith discretion of MDP or the Recipient. You agree that notice to you will count as notice to any other individual for whom you are acting and agree to provide the notice to any such individual.
5. Our Use of Your Personal Information and Type of Information We May Collect
Personal Information is defined as any information concerning the personal or material circumstances of an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, by reference to a Social Security Number and/or Identification Number (hereinafter “SSN/I.N”) or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal Information shall include but is not limited to: name(full name or first initial and last name), maiden name, nickname, email address, home address, home postal code, home telephone number, mobile phone number, date of birth, Social Security Number and/or Identification Number, financial information and employment related information such as may be found on resumes, applications, background verification information, or in employment references, photographic images (especially of face or other identifying characteristics, or other identifying characteristics such as eye, skin, and hair color, facial features, and personal marks such as tattoos, birthmarks, moles and scars) and video or voice recording.
MDP takes measures to maintain the confidentiality of your SSN/I.N to protect your SSN/I.N from unlawful disclosure, and to limit access to your SSN/I.N. MDP will not make your SSN/I.N available to the general public, print your SSN/I.N on any card, require you to provide your SSN/I.N to access any products or services, transmit your SSN/I.N over the Internet unless the connection is secure or your SSN/I.N has been encrypted, or requires the transmittal of your SSN/I.N to access our Website without requiring additional authentication.
Non-personal information is information that is already a matter of public record or knowledge. Business contact information is considered non-personal information and not subjected to special protection and it can be routinely shared with anyone inside or outside of the business. Business contact information shall include but is not limited to: business name, business address, business telephone number, and is not considered personal information in certain jurisdictions.
WE DO NOT COLLECT SENSITIVE DATA
Sensitive data is information that can include but is not limited to, an individual’s gender, racial or ethnic origins, politics, religion, trade union membership, veteran status, physical or mental health, disabilities, sex life, sexual orientation, or criminal (or alleged criminal) activities, proceedings or convictions. We will never collect Sensitive Personal Information except to comply with Affirmative Action data requirements.
6. Personal InformationWe Collect That You Provide Us
MDP will not collect customer Personal Information, unless the customer contacts MDP directly. In order to adequately address a customer’s concern, their Personal Information may be shared with our affiliate and service provider, FWH, and our affiliates within the MDP, the appropriate MDP Development Agents, and franchisees. The MDP Development Agents assist with franchise sales, site location, training, and provide operational assistance to franchisees. Failure to provide necessary information may prevent MDP from fully addressing any customer concerns.
For Instance, you may choose to communicate with us in some of the following ways:
- Subscription Services, such as, email and newsletters.
- User registration, such as access to www.mamadelucaspizza.com, member or non-public member pages.
- Financial Transaction Information;
- Promotions and Sweepstakes.
- Surveys and/or Voting.
7. Internet Users – Cookies, Internet Protocol (IP) Address, Aggregate Information
Cookies – In addition to Personal Information, we use data collection devices such as “cookies” on certain web pages to help analyze our web page flow and measure promotional effectiveness. A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the ‘lifetime’ of the cookie, and a value, usually a randomly generated unique number. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site and services.
A few important things you should know about cookies are that:
- Most cookies are “session cookies,” meaning that they are automatically deleted from your hard drive at the end of a session.
- You may encounter cookies from third parties on certain pages of the sites that we do not control. (For example, if you view a web page created by another user, there may be a cookie placed by that web page.)
Disabling/enabling Cookies – You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
Web Beacon – Also called a Web bug or a pixel tag or a clear GIF. These tags collect anonymous (not personally identifiable) information about which advertisements and promotions bring users to our website. With both cookie and tag technology, the information that we collect and share is anonymous and not personally identifiable. It does not contain your name, address, telephone number, or email address.
Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, which is placed on a website or in an e-mail that is used to monitor the behavior of the user visiting the website or sending the email. When the HTML code for the Web beacon points to a website to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.
Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser’s cookies will prevent Web beacons from tracking the user’s activity. The Web beacon will still account for an anonymous visit, but the user’s unique information will not be recorded.
Internet Protocol (IP) Address – an Internet Protocol (IP) Address is associated with your computer’s connection to the internet. MDP may use your IP address to help diagnose problems with MDP’s server, to administer the Website and to maintain contact with you as you navigate through the Website. Your computer’s IP address also may be used to provide you with information based upon your navigation through the Website. MDP does not link IP addresses to any Personal Information.
Aggregate Information – is used to measure the visitors’ interest in, and use of, various areas of the Website and the various programs that MDP administers, MDP will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, MDP may undertake statistical and other summary analyses of the visitors’ behaviors and characteristics. Although MDP may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.
8. Children and Data Collection
9. Collection and Use of Employee Personal Information
MDP also collects Personal Information from its employees and applicants (human resource data) in connection with administration of its Human Resources programs and functions. These programs and functions include, but are not limited to: job applications and hiring programs, compensation and benefit programs, performance appraisals, training, access to MDP facilities and computer networks, employee profiles, internal intranet employee directories, Human Resource recordkeeping, Affirmative Action data, and other employment related purposes.
It is the policy of MDP to keep all past and present employee information private from disclosure to third parties. There are certain business related exceptions and they are:
- To comply with county, state or federal agency requests;
- Inquiries from third parties with a signed authorization from the employee to release the information, except in situations where limited verbal verifications are acceptable (see below);
- Third parties with which MDP has contractual agreements to assist in administration of company sponsored benefits.
10. Verifications of Employment
Prospective employers, financial institutions, and residential property managers routinely contact MDP requesting information on a former or current employee’s work history and salary. All such requests of this type shall be referred to and completed on a confidential basis by the Human Resources Department or Payroll Department.
For written verification of employment requests, information will be provided on the form only when it is accompanied by an employee’s signed authorization to release information. The form will be returned directly to the requesting party and filed as part of the Human Resources or Payroll Department’s confidential records.
11. Medical Information
MDP is compliant with federal HIPAA regulations and only utilizes information related to the company sponsored healthcare plan on a “need to know” basis for administration of the healthcare plan.
12. Collection and Use of MDP Franchisee and Prospective Franchisee Information
If you choose to, you may submit via www.mamadelucaspizza.com an electronic application seeking consideration as a prospective MDP franchisee. By submitting an electronic application, you agree that we may disclose your personal information to our affiliates within MAMA DELUCA’S®, their Development Agents, other MAMA DELUCA’S® affiliates, and third party service providers as part of their consideration to your inquiry and to help them conduct their franchise marketing efforts. Information on your online form will become part of any application for a franchise that you might later submit. We require our affiliates within MAMA DELUCA’S® and Development Agents to respect MDP’s privacy practices and not use your personal information for purposes other than to carry out our instructions.
By applying to become an MDP franchisee, a prospective franchisee consents to the collection, use, and disclosure of Personal Information in accordance with the following terms and conditions. We collect and use Personal Information in order to assist a prospective franchisee in applying to become a MAMA DELUCA’S® restaurant franchisee and to assist our affiliates within MAMA DELUCA’S® in selecting franchisee candidates.
Personal Information collected from prospective franchisees include, but is not limited to: name, address, telephone number, facsimile number, email address, date of birth, citizenship, educational background, criminal background, bank account information for Electronic Funds Transfer, financial statement, litigation history, and taxpayer identification number. Failure to provide requested Personal Information may negatively impact a prospective franchisee’s ability to become a franchisee. Once a prospective MAMA DELUCA’S® restaurant franchisee becomes a franchisee, they may then reference themselves by their Franchise Agreement Number. In order to better service franchisees, a franchisee’s Personal Information may be shared between MDP and its affiliates within MAMA DELUCA’S®, pursuant to the service contracts between them.
A franchisee and/or prospective franchisee’s information may be shared with the Development Agent in their area. A Development Agent is an independent contractor of MDP. The Development Agents assist with franchise sales, site location, service franchisee leasing needs, provide operational assistance and related administrative functions, training to the franchisee. Development Agents also make recommendations as to whether a prospective franchisee in their territory should be granted a franchise. The Development Agent may use this information to: address a franchisee’s concerns in a customer complaint, respond to a franchisee’s inquiries for franchise sales, franchisee Personal Information may be shared during store transfers, and any other inquiry which may require a response.
Finally, upon becoming a MDP franchisee you consent to MDP disclosing former or past franchisee contact information including Personal Information in its Disclosure Document for one (1) year after leaving the system, as required by law, unless you advise otherwise. Contact our Privacy Officer in writing, either by email or regular mail received, of your desire to not have your details or contact information disclosed, corrected or changed when you sell or transfer your MDP restaurant, or exit the MAMA DELUCA’S® Restaurant System (whether by termination or otherwise). To contact the Privacy Officer, please see the section provided below entitled “Contact Information”.
13. Collection and Use of PTI Development Agent Information
By applying via www.mamadelucaspizza.com to become a MAMA DELUCA’S® Development Agent, a Development Agent applicant consents to the collection, use, and disclosure of Personal Information in accordance with the following terms and conditions. We collect and use Personal Information in order to assist you in applying and evaluating you to become a MAMA DELUCA’S® Development Agent. Personal Information is collected to assist our affiliates within MAMA DELUCA’S® in selecting Development Agent candidates and for the purpose of operating a development territory.
Personal Information collected includes, but is not limited to: name, home address, home telephone number, facsimile number, email address, date of birth, bank account information for Electronic Funds Transfer, financial statement, resume, taxpayer identification number and background checks. Failure to provide necessary information may negatively impact your ability to become a Development Agent.
Once a Development Agent candidate becomes a Development Agent, they may then reference themselves by their Development Agent Number. As a Development Agent for MDP, certain business information with respect to restaurants within your territory may be shared in the aggregate amongst your DA community. Such business information may include, but is not limited to, 3 year DA Performance Report, Emerging Market Developing Activity Report, Developed Market Report, and the Weekly Same Store AUV and Units Report.
14. Mobile Information
You may submit Personal Information via your cell phone, smartphone, and tablet. If you use any location-enabled products, you may be sending us location information. MDP does not store or use this information other than to provide the service you requested. For example, a mobile product may use GPS data to find a nearby restaurant you requested. Location-enabled features are opt-in and you have control over your participation and can turn these services off at any time.
MDP uses a variety of new technologies and social media options to communicate and interact with consumers. These websites and mobile applications include popular social networking and media sites, such as, Twitter and Facebook. If you post updates to or receive updates from www.twitter.com, www.facebook.com, and other social networking websites, during the Promotion Period via SMS from your wireless phone, your wireless-service provider may charge you for each text message you send and receive. You must consult your wireless service provider regarding its pricing plans, as rates may vary. Use of third party social networking websites, such as, Twitter and Facebook, are governed by the privacy practices of those websites. MDP does not capture or store your login information or any other personally identifiable information for Twitter, Facebook, and other social networks, however, session information or cookies may be stored on your wireless phone, by their websites.
Mobile Information We Collect
- Some mobile applications will utilize Google Analytics (or similar tool) to help us better serve our customers through improved products, services, and revisions to the mobile applications. This collected information will not identify you to MDP. It may, however, let us know anonymously, which services and features you are using the most within the application, as well as device type and hardware features, country and language of download.
- Use of 3rd party services such as social sharing sites (e.g., Facebook and Twitter) is governed by the privacy practices of those services. MDP does not capture or store your login information or other personally identifiable information for these services, however session info or cookies may be stored.
Mobile Information Sharing
- MDP does not share any collected information with 3rd parties with the following exceptions:
- MDP may provide some personal data to third-party partners that are providing services essential to your mobile user experience.
- All requests are sent through your mobile carrier’s network and your carrier may have access to it. Consult your carrier’s privacy policies for additional information.
- Certain mobile products and services and manufacturers allow you to interact and share your information with others. For example, you may want to Tweet or post to your Facebook page content from a MDP mobile application. Consult your mobile device manufacturer, or mobile product or application developer’s privacy policies for additional information.
15. Mobile Marketing Promotions and Advertising
Wireless Promotional Opportunities – MDP may provide users and viewers with the opportunity to register for special promotions via mobile text messaging and other wireless devices. Users are required to provide their consent to receive such information from MDP, either by registering on our website or via your wireless device. Promotional opportunities may be provided by MDP or MDP’s third party service providers. The Information requested as part of the online registration process may include, but is not limited to, a user’s telephone number or a wireless email address (only if specifically requested), and your mobile carrier’s name.
Please note that most wireless transmissions are not secured and there is a greater risk of an unknown third party’s interception of messages or a user’s Personal Information when using a wireless communications device.
Users that register for MDP’s wireless services acknowledge, understand and agree that they may be charged by the user’s wireless carrier for all messages between MDP and the user. Standard messaging rates will apply, unless noted otherwise. Under no circumstances will our website, MDP, the SUBWAY® Group, or its affiliates be held responsible for any wireless email or text messaging charges incurred by a user or by a person that has access to a user’s wireless device, telephone number, or email address.
Termination of Wireless Services by User – Users may revoke their consent to receive mobile messages for marketing promotions from MDP and/or its affiliates by the following procedure:
A user may cancel one or more services via his/her wireless device at any time by using the unsubscribe mechanism provided by MDP at the time the message is sent, or by sending a text message that says “STOP”, “END”, “CANCEL”, “REMOVE”, “UNSUBSCRIBE” or “QUIT”. MDP will terminate the user’s registration for the most recent wireless service sent to the user. Any of these words followed by the word “ALL” in the user’s termination request will cancel all of the user’s registered wireless services with MDP. If the user unsubscribes from one or all of MDP service(s) via his or her wireless device, the service(s) will be terminated immediately and will cancel the user’s previous opt-in.
Use of Information – MDP will not use a wireless telephone number, wireless or conventional internet email address, or other Information submitted for its wireless marketing promotions for any other purpose than to provide the services requested, unless we provide to you advance notice of any other use. We will not share any Personal Information with third party service providers unless you opt-in for such disclosure.
16. Forward-To-A-Friend and Refer-A-Friend
You may use a referral feature (either on a web page, in an e-mail, from a banner ad or other communication) to inform a friend about a MDP web page or promotion. MDP may use any e-mail address provided when using this referral feature to send both an initial e-mail and a subsequent e-mail to recipients about the particular promotion, product, or service in which you indicated your “friend” may have an interest.
17. Opt-Out of Email Updates
You may have the opportunity to elect to receive email communications from MDP. MDP will only email you or send you mobile alerts if you elect to receive them. If you elect to receive email communications, MDP may send you occasional updates about new additions to the Website as well as special offers of which you can take advantage. If at any time you decide you would rather not receive these types of communications from MDP, you can opt-out by clicking the unsubscribe link at the bottom of any MDP email, update the contact preferences for your account, or contact the Privacy Officer at: firstname.lastname@example.org.
18. Sharing of Personal Information
As described above, MDP, its affiliates within MDP, third party service providers, and Development Agents may share and exchange Personal Information in order to process franchisee applications, administer the MAMA DELUCA’S® Restaurant System franchise system, and protect the integrity of the MDP franchise system and trademarks. Personal Information may be provided to a courier or freight forwarder to fulfill an order, which may have been requested from us.
We endeavor to protect your Personal Information using physical, electronic or procedural security measures appropriate to the sensitivity of the information in our control. These measures include safeguards to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
Currently, our website utilizes a variety of different security measures designed to protect Personal Information of users both inside and outside MDP, including the use of encryption mechanisms (e.g., Secure Socket Layers or SSLs), password protection, and other security measures to help prevent unauthorized access to your personally identifiable information. This helps maintain the confidentiality, privacy, and integrity of your transactions, and helps to protect your confidential information – such as credit card numbers, online forms, and financial data from loss, misuse, interception and hacking.
Phishing – Identity theft and the practice currently known as “phishing” are of great concern to MDP. Accordingly, safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, your account ID, login password, Social Security Number or National Identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
20. Storage, Retention and Accuracy of Personal Information
All reasonable steps are taken to safeguard your Personal Information against loss; unauthorized access, use, modification, disclosure; or any other misuse. We take all reasonable steps to insure that your Personal Information is accurate, up-to-date, complete, relevant and not misleading. MDP will retain your Personal Information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws and your consent to such purpose(s) remains valid after termination of our relationship with you.
MDP may store your Personal Information in its databases located in the United States and/or other countries outside of the European Economic Area (“EEA”). Additionally, some of our service providers may reside in the United States or other countries outside of the EEA and will be subject to the laws of the local jurisdiction. As a result, in certain circumstances, the United States and other foreign governments, courts, law enforcement agencies or regulatory agencies may be entitled to access the Personal Information collected and held by MDP.
21. Access, Control and Update Information About You
You may contact the Privacy Officer to access, correct or delete your Personal Information. If necessary, the Privacy Officer will contact another individual to assist in completing your requested task. We want to be sure that we keep only the most accurate and up-to-date Personal Information in our records. You can email us at email@example.com to update your contact information. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making changes.
22. Contact Information
If you have any questions or concerns, please contact:MDP Privacy Officer
c/o Franchise Brands, LLC
325 Bic Drive
Milford, CT, 06461
Telephone Number: (203) 877-4281 or Toll Free: 1-800-888-4848
Facsimile: (203) 783-7951
Email Address: firstname.lastname@example.org
We will address your concern and attempt to resolve any problem.
23. Links to Non-MDP Websites and Third Parties
24. Social Media and Online Engagement
MDP uses a variety of new technologies and social media options to communicate and interact with consumers. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, MDP uses several third-party platforms including, but not limited to, Facebook, Twitter, and YouTube. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by MDP. When interacting with the MDP presence on those websites, you may reveal certain personal information to MDP or to third parties. Except when used by MDP employee’s for the purpose of responding to a specific message or request, MDP will not use, share, or retain your personal information.
At this time, MDP has one Social Media Account, http://www.facebook.com/pages/Mama-DeLucas-Pizza-Ft-Wayne/168327676513260.
25. Your California Privacy Rights (As provided by California Civil Code Section 1798.83)
26. Safe Harbor Compliance
Franchise Brands, LLC, the owner of MDP, is in compliance with the U.S. Department of Commerce Safe Harbor requirements regarding the transfer of personal information from the European Economic Area (“EEA”) or Switzerland to the United States. Franchise Brands, LLC has been Self-Certified under the Safe Harbor privacy framework as set forth by the U.S. Department of Commerce, European Commission and Switzerland regarding the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area or Switzerland to the U.S., in accordance with the EU Directive on Personal Data Protection. The principles of Safe Harbor compliance are:
- Notice – Individuals must be informed that their data is being collected and about how it will be used;
- Choice – Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties;
- Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles;
- Security – Reasonable efforts must be made to prevent loss of collected information;
- Data Integrity – Data must be relevant and reliable for the purpose for which it was collected;
- Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate;
- Enforcement – There must be effective means of enforcing these rules.
Further information regarding the Safe Harbor principles and certification process can be found at www.export.gov/safeharbor.
In addition, the U.S. Department of Commerce maintains a list of all compliant organizations, which can be accessed at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list.
27. Members of the European Union
If you are a resident of the European Economic Area (“EEA”) or Switzerland and have any concerns or complaints, please first address these issues to the Privacy Officer. MDP is located in the United States, as are the servers that make our websites available. All matters relating to privacy issues and websites are governed by the laws of the United States and the State of Connecticut. If the Privacy Officer does not satisfactorily address a complaint within thirty (30) days, any dispute, controversy or claim shall be settled by an arbitration administered by an arbitration agency, such as the American Arbitration Association (“AAA”). All arbitrations will be conducted in English. Judgment rendered by the arbitrator may be entered in any court having jurisdiction. The costs of the arbitration will be borne equally by the parties. Connecticut, U.S.A. shall be the site of all hearings, and such hearings shall be before a single arbitrator. You may also submit complaints to the Federal Trade Commission at http://www.ftc.gov/ftc/complaint.htm or via telephone at (202)382-4537.
29. Terms and Conditions of Website Use
Last revised: June 19, 2013