Privacy Policy
Roti Holdings, LLC
PRIVACY POLICY
Your privacy is important to us at Roti Holdings, LLC, and its affiliates and subsidiaries, including, but not limited to, Roti Restaurant Group, LLC, Roti Modern Franchising, LLC, Roti IP, LLC, and Roti Restaurant Group UK Ltd. (collectively, “Roti,” “we,” “us,” or “our”), and we are committed to safeguarding, preserving, and respecting your privacy rights. This online privacy policy (the “Policy”) describes how we collect, use, disclose, and secure the personal information we gather about you through our websites, https://www.roti.com and www.roti.co.uk (collectively, the “Site”), the Platforms (as defined in section 5 (Roti Perks Loyalty Program), our application, when you view or interact with Roti’s social media accounts or any social media accounts or content affiliated with us, and when you interact with us as a customer or otherwise (collectively, the “Services”).
This Policy expressly incorporates any privacy notices we may issue to supplement this Policy, for example if required by law. Depending on your residency, a supplemental privacy notice may apply to you. For example, if you are a California resident, please view our California Privacy Rights page here. If you are a job applicant, please see our Applicant Privacy Policy available on Roti’s Applicant Tracking System via ADP.
1. YOU CONSENT TO THIS POLICY
You should read this Policy carefully, so that you understand our privacy practices. By accessing, browsing, downloading, or otherwise using the Services, you confirm that you have read, understood, and agreed with this Policy. If you do not agree to this Policy, you may not use the Services.
This Policy applies regardless of how the Services are accessed and will cover any technologies or devices by which we make the Services available to you.
We may provide you with additional privacy notices where we believe it is appropriate to do so. It is important that you read this Policy together with any other privacy notice or terms we may provide on specific occasions, so that you are fully aware of how and why we are using your data. This Policy supplements these other notices and is not intended to override them.
Your use of our Services, and any dispute over privacy, is subject to this Policy and our Terms of Use incorporated by reference into this Policy.
If you have any questions or concerns about our personal information policies or practices, you can contact us in the methods described in the “Contact Us” section below.
2. WHAT TYPES OF INFORMATION DO WE COLLECT?
We collect information you voluntarily provide directly to us, information that we collect automatically when you interact with the Services, and information collected from franchisees, business affiliates, service providers, and third parties. The categories of personal information that we collect and the purposes for which we collect that information are described below.
A. Categories of Personal Information We Collect
The following list describes the categories of personal information we collect.
· Account Information includes name, birth date, email address, username, and password. We collect this information when you provide it directly to us. We collect this information for the purposes of account creation and management, advertising and marketing, analytics and research, customer service, and website security and maintenance.
· Analytics Information. We collect certain analytics information automatically as you navigate our Services. This includes cookies, tracking pixels, tags or similar tools, which may collect information about your browser, device, geolocation, and interactions with the Services, Site, or emails. For more information, please view the “How Do We Use “Cookies” and Other Tracking Technologies?” section below. We collect this information for the purposes of account creation and management, advertising and marketing, analytics and research, customer service, and website security and maintenance.
· Contact Information includes name, email address, and phone number. We collect this information when you provide it directly to us such as creating an account or filling out a form. We collect this information for the purposes of account creation and management, advertising and marketing, analytics and research, customer service, and website security and maintenance.
· Commercial History includes information regarding the purchases you have made through our Services. We collect this information directly from you or from our service providers. We collect this information for the purposes of account creation and management, advertising and marketing, analytics and research, customer service, and website security and maintenance.
· Payment Information includes name, address, phone number, and debit or credit card information. We collect this information directly from you or from our service providers. We collect this information for the purposes of account creation and management, analytics and research, customer service, and website security and maintenance.
· Responses to Surveys and Questionnaires includes any information you provide to us when you complete voluntary market research surveys such as email address and interested activities. We collect this information for the purposes of advertising and marketing, analytics and research, customer service, and website security and maintenance.
· Social Media Information includes information that you post by sharing on a blog or another social media platform. We collect this information when you provide it directly to us. Please note that your comments will be visible to the public, so you should never share personal information that you would like to keep private. We collect this information for the purposes of advertising and marketing, analytics and research, customer service, and website security and maintenance.
· User-Generated Content. If you post, upload, comment, or otherwise submit content on the Services, we may collect certain information about you such as your name and email address and products you may have purchased. Be aware that as a default, any information you post on the Services, including without limitation review, comments, and text, may be available to and searchable by all users of the Services. We collect this information for the purposes of account creation and management, advertising and marketing, analytics and research, customer service, and website security and maintenance.
B. Purposes for Collection of Personal Information
We process your personal data for a variety of purposes including our legitimate business purposes and to manage your customer relationship with us including:
To fulfill our contracts with you and provide the Services such as providing access to Services including loyalty programs, managing your accounts, communicating with you about the Services, processing transactions with you, and enabling you to register for events.
· Based on your consent for purposes clearly disclosed to you at the time of collection.
· To comply with our applicable legal obligations including to exercise or to defend the legal rights of you, us or others; to meet legal requirements for tax, health and safety, data subject rights, and similar laws, regulations, or law enforcement requests.
· To fulfill our legitimate interests in marketing, product research and development, information security, and fraud protection.
The following chart identifies the purposes for which we may collect your personal information, as well as information regarding our use and disclosure of that personal information. Please note that we may not collect each category of information about each user of our Services.
|
Purpose |
Categories of Personal Information |
Targeted Ad / Sales |
Data Shared with Third Parties |
Categories of Third Parties |
|
Account Creation and Management |
Account Information Analytics Information Contact Information Social Media Information Organization-Related Information |
Yes / No |
Analytics Information |
Analytics Providers Third Party Advertisers |
|
Purchase of Goods or Services |
Analytics Information Commercial History Contact Information Payment Information |
Yes / No |
Analytics Information Commercial History Contact Information |
Analytics Providers Third Party Advertisers |
|
Marketing and Advertising |
Analytics Information Commercial History Contact Information Social Media Information |
Yes / No |
Analytics Information Commercial History Contact Information |
Analytics Providers Third Party Advertisers |
|
Analytics and Research |
Analytics Information Commercial History Contact Information Social Media Information |
Yes / No |
Analytics Information Commercial History Contact Information Social Media Information |
Analytics Providers Third Party Advertisers |
|
Customer Service |
Analytics Information Contact Information Chat Information |
Yes / No |
Analytics Information |
Analytics Providers Third Party Advertisers |
|
Website Security and Maintenance |
Analytics Information Commercial History |
No / No |
N/A |
N/A |
C. Other Ways We May Collect, Use, or Share the Information
We may also reserve the right to collect, use, or share personal information for the following purposes:
· For Legal Purposes. We reserve the right to cooperate with local, provincial, state, federal and international officials in any investigation requiring either personal information or reports about lawful of unlawful user activity on this site. We also reserve the right to share your personal information to establish, exercise, or defend our legal and property rights, including providing information to others for the purposes of fraud prevention.
· To Present the Site. We may use personal information to present our Site and its contents in a suitable and effective manner for you and your device.
· To Provide the Services. We may use personal information to provide the Services, including to improve operations and for security purposes.
· Customer Service. We may use your personal information to provide you with customer service, troubleshoot issues, and respond to requests, questions or comments.
· Provide Information and Opportunities. We may use your personal information to advertise travel opportunities, promotions, products, events, or Services that we think may be of interest to you.
· So Others Can Market to You. As detailed more fully below and in our California Privacy Policy, we use certain cookies or pixels that may collect personal information so that it can be used in connection with the marketing efforts of third parties. In those instances, your personal information may be used for third parties to serve unsolicited information, services, or products to you.
· Business Transactions or Mergers. We reserve the right to share your personal information with third parties as part of any potential business or asset sale, merger, acquisition, investment, round of funding, or similar type of transaction. Additionally, if we are entering into a corporate transaction with a third party, we may receive personal information in connection with the diligence. If we close a transaction, the third party may transfer personal information, which we would use as described in this Policy.
· Bankruptcy or Insolvency. In the event of bankruptcy, insolvency, or dissolution proceedings, we may share your personal information with third parties as part of the sale or reorganization process.
· Information From Our Partners. We may collect information from and share information with our partners such as service providers, market research firms, owners associations, our affiliates, subsidiaries, joint ventures, or other companies under common control. We may combine that information with other information we collect about you, but we will always use the information as described in this Policy. We may also share information with our affiliates, subsidiaries, joint ventures or other companies under common control.
3. HOW DO WE USE “COOKIES” AND OTHER TRACKING TECHNOLOGIES?
We may send one or more cookies to your computer or other device. We may also use other similar technologies such as tracking pixels, tags, or similar tools when you visit our Services. These technologies can collect data regarding your operating system, browser type, device type, screen resolution, IP address, and other technical information, as well as navigation events and session information as you interact with our Services.
A. What Are Cookies?
Cookies are small files created by websites, including our Services, that reside on your computer’s hard drive and that store information about your use of a particular website. When you access our Services, we use cookies and other tracking technologies to:
· Estimate our audience size and usage patterns;
· Store information about your preferences, allowing us to customize our Services according to your individual needs;
· Contact you to provide you with information or services that you request from us;
· Advertise new content, events, and services that relate to your interests;
· Provide you with more personalized content that is most relevant to your interest areas; and
· Recognize when you return to our Services.
We set some cookies ourselves and others are set by third parties. You can manage your cookies preference as described in the “Managing Your Cookies” section below.
B. What Types of Cookies Do We Use and Why?
The following chart lists the different types of cookies that we and our service providers use on the Services, examples of who serves those cookies and links to the privacy notices and opt-out information of those cookie servers. Because the specific cookies we use may vary over time, as well as differ by the specific page you are browsing, the below chart is illustrative only.
|
Purpose |
Who Serves |
|
|
Essential |
These cookies are required for the operation of the Services and enable you to move around the Services and use its features. Disabling these cookies can negatively impact the performance of Services. |
· Roti · Adobe · Toast |
|
Functionality |
These cookies are used to recognize you when you return to the Services. This enables us to personalize content for you and remember your preferences. These cookies also enable your interactions with the Services such as emailing us and customer support chat. |
· Adobe · OneTrust · PayPal · Toast
|
|
Analytics, Performance, and Research |
These cookies, beacons, and pixels allow us to analyze activities on the Services. They can be used to improve the functioning of the Services. For example, these cookies recognize and count the number of visitors and see how they move around the Services. Analytics cookies also help us measure the performance of our advertising campaigns to help us improve them and to optimize the content on the Services for those who engage with our advertising. |
· Adobe · Hubspot · Meta · Microsoft Clarity · Pintrest · Segment · TikTok · Toast
|
|
Social Networking |
These cookies are used to enable you to share pages and content that you find interesting on our Services through third-party social networking and other websites. These cookies may also be used for advertising purposes. |
· Meta |
|
Advertising |
These cookies and pixels are used to deliver relevant ads, track ad campaign performance, or track email marketing. |
· Adobe · Criteo · Epsilon (Dotomi) · Microsoft (Xandr) · Rubicon · Samba TV · Toast · Weebly · Xandr |
We do not use analytical tools in a manner that discloses to third parties that a specific person viewed specific video materials.
C. How Long Do Cookies Stay on My Device?
Some cookies operate from the time you visit the Services until the end of that particular browsing session. These cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser.
Some cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These cookies are called “persistent cookies” and the length of time they will remain on your device will vary from cookie to cookie. Persistent cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Services, how your use of the Services may change over time, and the effectiveness of advertising efforts.
D. Managing Your Cookies
To see how to manage your cookies, please see the Your Privacy Rights section below.
It may also be possible to block cookies by changing your Internet browser settings to refuse all or some cookies. If you choose to block all cookies (including essential cookies), you may not be able to access all or parts of the Services.
You can find out more about cookies and how to manage them by visiting https://allaboutcookies.org.
E. Does the Site Respond to “Do Not Track” Signals?
Roti recognizes the Global Privacy Control. Your browser must be able to support the GPC for us to recognize your opt-out preference signal. For more information on how to enable GPC, please refer to GPC’s website here: https://globalprivacycontrol.org.
4. YOUR PRIVACY RIGHTS
Under certain privacy laws, some state residents are entitled to various privacy rights.
However, Roti values its customers’ privacy, and it therefore affords these rights to all users regardless of their state of residency. The chart below explains privacy rights available to you. Please note that these rights are not absolute and an exception may apply.
|
Consumer Right |
Explanation |
|
Right to Know/Access |
You have the right to confirm whether we are processing your personal data, and the right to access that data. |
|
Right of Correction |
You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data. |
|
Right of Deletion |
You have the right to delete your personal data provided by you or obtained about you. |
|
Right of Portability |
Up to two times per calendar year, you have the right to obtain your personal data in a portable and—to the extent technically feasible—readily usable format that allows you to transmit the data to another entity without hindrance. |
|
Right to Opt-out |
You have the right to opt-out of the processing of your personal data for the purposes of: (1) Targeted advertising; (2) The sale of personal data; and/or (3) Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. To opt-out, please visit our “Your Privacy Choices” page. |
A. Sensitive Data
We will not collect Sensitive Data, as defined by applicable privacy laws, without first obtaining your consent or providing you the right to opt out as required by applicable laws.
B. Exercising Your Rights
If you wish to exercise one of the above rights and it applies to you, you can submit your request here or you may visit our “Your Privacy Choices” link located at the bottom of the Site. You may also email us using the information set forth in the “Contact Us” section below specifying which right(s) you would like to exercise.
If necessary, we may request additional information reasonably necessary to authenticate you and your request.
In certain circumstances, you may make a request on behalf of another such as if you are an authorized agent or the parent or guardian of a child on behalf of whom you wish to exercise their rights. We may also request additional information to authenticate these requests.
We will respond to these consumer requests, if applicable, within 45 days of receipt of the request and without undue delay. If we need to extend this period, we will notify you of the delay and explain the reasonably necessary justifications for our delay.
We will provide responses to your requests free of charge unless certain exclusions apply, such as if you make more than two requests in a twelve-month period or if the request is manifestly unfounded, excessive, or repetitive in nature.
We will not discriminate against you for exercising any of your consumer rights, including by denying or charging different prices or rates for goods or services and providing a different quality of goods or services.
C. Appealing a Rights Request Decision
If we deny or fail to take action on your request to exercise your applicable consumer privacy rights, you may appeal our decision. To do this, you may email us at privacy@roti.com or call us at 678-272-4247. In the email appeal, please specify the right(s) you requested to exercise and the date you made such a request.
We will inform you in writing within 45 days of any action taken or not taken in response to the appeal. We will also provide a written explanation of the reasons for our decisions regarding your request(s).
5. ROTI PERKS LOYALTY PROGRAM
We offer our Roti Perks loyalty rewards and customer engagement program (“Loyalty Program”) made available through https://rewards.thanx.com/roti and/or www.order.thanx.com/roti (collectively, the “Rewards Site”) and as an application for mobile devices (the “Roti App”) (collectively, the “Platforms”). When you use our Loyalty Program, you will be eligible to participate in certain promotional programs and receive rewards, such as special offers and discounts. Please note that if you exercise your Right of Deletion, we will not be able to provide these benefits because we will not be able to track them without your account information.
To offer the Loyalty Program, Roti has engaged Thanx, Inc. (“Thanx”) as a service provider to operate the Platforms.
In the course of providing our Loyalty Program, we will collect Analytics Information, Commercial History, and Contact Information. This information may be processed for the purposes of targeted advertising. We do not share this information with third parties as defined by the Colorado Privacy Act. This section also explains the types of personal information Thanx collects on behalf of Roti via the Platforms, how Thanx may use and share that information on behalf of Roti in the course of operating the Platforms, and the choices you have within the Platforms to manage your personal information. You may find more information regarding the legal terms and conditions for the Roti Loyalty Program in our Terms of Use found here.
Roti is responsible for any personal information collected in connection with the Loyalty Program, including any information you provide on the Platforms.
A. Information Sharing and Disclosure
Personal information collected through the Platforms may be shared as follows:
I. Sharing With Thanx to Operate the Platforms. Because the Platforms are operated by Thanx, any information you provide via the Platforms, or that Roti inputs to the Platforms, may be hosted and stored by Thanx on Roti’s behalf. Thanx uses this information to provide the Platforms under contract with Roti and in accordance with Roti’s instructions and applicable laws. Thanx may also rely on other third-party service providers that help it operate the Platforms, such as hosting, information technology, support, email and text message delivery, and website analytics services. Your personal information may also be disclosed in connection with a merger, acquisition, reorganization or sale of all or a portion of Thanx's assets or in the event of bankruptcy.
II. Sharing With Card Networks. If you connect a payment card to the Platforms, your payment card information will be shared with your payment network (e.g., AMEX, MasterCard or Visa) to enable the payment network to examine transactions on your connected payment card and to facilitate your participation in the Loyalty Program (e.g., to administer the Loyalty Programs you join and your accrual of rewards). You can remove your payment card from your account at any time in your settings. When you do so no future transactions will be associated with the removed card, but your previous transactions may be retained as necessary to maintain your Loyalty Program progress and keep track of any applicable rewards.
III. Sharing Initiated by Roti. Roti may share personal information through integrations in the Platforms to provide Services to you and for other purposes. For example, Roti may enable third party software integrations, such as Toast, DoorDash, and Uber, to facilitate online ordering, point-of-sale, and delivery services. Roti may also share personal information with advertising partners via integrations in the Platforms.
B. Your Choices
Through the Platforms, you may have the choices below regarding the collection, use and sharing of your personal information.
I. Google Analytics: The Platforms use Google Analytics to understand how people engage with the Platforms and to create reports about how users use the Loyalty Program. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
6. NEVADA USERS’ RIGHTS
Under Nevada law, certain Nevada consumers may opt out of the sale of certain personally identifiable information for monetary consideration to a person for that person to license or sell such information to additional persons. We do not sell personally identifiable information under Nevada law.
If you are a Nevada resident who has purchased or leased goods or services from us, you may (A) submit a request to opt out of any potential future sales, and/or (B) request changes to your information by emailing us at privacy@roti.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request.
7. CALIFORNIA USERS’ RIGHTS
If you are a California resident, please view our California Privacy Rights page here.
8. ADVERTISING AND MARKETING CHOICE
We respect your rights in how your personal information is used and shared. If at any time you would like to unsubscribe from receiving future emails, you can email us at privacy@roti.com or follow the instructions at the bottom of each email, and we will promptly remove you from marketing correspondence. Please note, however, that we may still need to contact you regarding other matters.
9. HOW LONG IS YOUR PERSONAL INFORMATION KEPT
We will retain your personal information until the personal information is no longer necessary to accomplish the purpose for which it was provided. We may retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, an unauthorized access, as necessary to protect our legal rights, or for certain business requirements.
We will delete your personal information when it is no longer necessary for the purpose for which it was collected, or upon your request, subject to exceptions as discussed in this Policy or under applicable law, contract, or regulation.
10. OUR COMMITMENT TO DATA SECURITY
The security of your personal information is important to us. We take various reasonable organizational, administrative, and technical measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. If required by law to do so, we will notify you and/or the relevant supervisory authority in the event of a data breach.
However, we cannot and do not guarantee complete security, as it does not exist on the Internet.
11. WHERE YOUR PERSONAL INFORMATION IS HELD
We process personal information on our servers in the United States of America, and may do so in other countries. If you use our Services or otherwise provide us with information from outside of the United States, you expressly consent to the transfer of your data to the United States, the processing of your data in the United States, and the storage of your data in the United States.
12. THIRD PARTY LINKS
Roti’s Services may contain links to third-party websites. When we provide links, we do so only as a convenience and we are not responsible for any content of any third-party website or any links contained within. It is important to note that this Policy only applies to Roti’s Services. We are not responsible and assume no responsibility for any personal information collected, stored, or used by any third party as a result of you visiting third-party websites. We also advise that you carefully read the privacy notice of any third-party websites you choose to visit.
13. CHILDREN’S PRIVACY
Protecting the privacy of the very young is especially important. Our Services are not intended for children under 18 years of age, and we do not knowingly collect personal information from children under 18. In the event that we learn that we have collected personal information from a child under age 18 without verification or parental consent, we will immediately delete that information. If you believe that we might have any information from or about a child under 18, please contact us using the information provided in the “Contact Us” section below.
14. POLICY CHANGES
This Policy may change from time to time. If we need to change this Policy at some point in the future, we will post any changes on this page. If we make a significant or material change to this Policy we will notify you via email. You should check these terms when you use the Site. Your continued use of the Site constitutes acceptance of the most current version of this Policy.
15. CONTACT US
If you have any questions about this Privacy Policy, please contact us by email at privacy@roti.com or via phone 678-272-4247.
16. EEA/UK/SWITZERLAND AND INTERNATIONAL DATA TRANSFERS
If you are a citizen of the EEA, UK, or Switzerland, then the controller of your personal data (also referred to as ‘personal information’ in other sections of this document) is Roti Restaurants, LLC, and you have certain rights under applicable laws like the EU and UK General Data Protection Regulation and similar local laws. Your rights include the ability to request:
- Access to and a copy of your personal data;
- Correction of inaccurate personal data;
- Erasure or deletion of personal data that is no longer needed for its original purpose of collection and does not need to be retained for other legitimate purposes;
- Restrict or object to the processing of your personal data; and
- Transfer of your personal data to another company.
We process personal data globally, including in but not limited to the United States as described in the “Where Your Personal Information Is Held” section. We use technical, organizational, and contractual measures to protect this personal data. When we make cross-border data transfers from the EEA, UK, or Switzerland to other countries, we consider applicable adequacy decisions. As required, we implement the “standard contractual clauses” and the UK Addendum (“SCCs”) with data importers to provide an adequate level of protection.
We process your personal data when we have a legal basis to do so for various purposes including: to fulfill our contracts with you including to provide the Services to comply with our applicable legal obligations including to exercise or to defend the legal rights of you, us or others; to meet legal requirements for tax, health and safety, data subject rights, and similar laws, regulations, or law enforcement requests; to fulfill our legitimate interests in marketing, product research and development, information security, and fraud protection; or with your consent for other purposes disclosed at the time of collection.
If you have questions about our privacy practices or this Privacy Policy, you may contact us by using the information in the “Contact us” section above. While we endeavor to answer your questions, you also have the right to complain to your relevant data protection authority.