CHIPOTLE’S PRIVACY POLICY

(LAST UPDATED OCTOBER 2, 2017)

Thank you for visiting Chipotle online. This Privacy Policy describes how Chipotle Mexican Grill, Inc. and its subsidiaries and affiliated companies (collectively, "Chipotle", “we” or “our”) collect, use and disclose personal information of visitors to our websites, users of our online services and others to whom we expressly provide that this Privacy Policy will apply.

The Information Chipotle Collects and How We Use this Information

Chipotle only obtains personally identifiable information such as your name, email address and payment card or other information when you provide it voluntarily. For example, personal information may be collected from you to:

  • respond to your comments regarding a Chipotle restaurant, our websites, or other aspects of Chipotle;
  • register you for our mailing lists or as a user of online or mobile products or services we offer, or to register you for promotions or offers conducted through our websites or mobile campaigns;
  • transmit payment information for online or mobile orders;
  • respond to job inquiries and job applications submitted by you; and 
  • respond to other information submitted by you to any of our websites or through any of our mobile campaigns.

This information will be used for the purposes for which you provide it. We may also use this information to communicate with you from time to time for other purposes, such as to create personalized promotions by combining your personal information with non-personal information about you, such as the amounts and types of purchases you make or any benefits you receive through our programs.

We may also use information you provide us for additional purposes as described under “Sharing of Personal Information.”

In addition to personally identifiable information about you, Chipotle may collect aggregated data or anonymized data that does not directly identify you. For example, we may automatically collect website use information, such as information about your Internet service provider, your operating system, browser type, domain name, Internet protocol (IP) address, your access times, the website that referred you to us, the Web pages you request, and the date and time of those requests.

California's Do Not Track Notice

Chipotle does not support Do Not Track browser settings and does not currently participate in any Do Not Track frameworks that would allow any of our sites to respond to signals or other mechanisms from you regarding the collection of your personal information.  However, our sites do not track any personally identifiable information on our sites unless you intentionally provide it to us (such as when you create an account, opt-in to our marketing lists, or make a purchase).

Mobile Terms & Conditions

MOBILE ALERTS

  1. You must be 13 years of age or older to participate in the Chipotle mobile text program.
  2. By participating in the Chipotle mobile text program and signing up for mobile offers and text updates, you consent to receive future recurring automated marketing text messages to the mobile number provided from or on behalf of Chipotle. You also acknowledge that your agreement to receive these messages isn’t required as a condition of purchase.
  3. Message and data rates may apply. All charges are billed by and payable to your mobile service provider. Chipotle does not charge you for sending or receiving text messages to 888222. 
  4. If you would like to be removed from the Chipotle mobile text program, you must text STOP to 888222 to opt-out. This is the exclusive method for opting out. After texting STOP to 888222 you will receive one additional message confirming that your request has been processed.
  5. Chipotle reserves the right to remove subscribers from our messaging database at our discretion. For more information, reply “HELP” to 888222 or contact us here.
  6. In the event that you change or deactivate your mobile number it is your responsibility to notify Chipotle here to have your number removed.
  7. Chipotle will not be liable for any delays in the receipt of any SMS messages or undelivered messages. T-Mobile policies require that we specify that T-Mobile, also, will not be liable for any delays in the receipt of any SMS messages or undelivered messages.
  8. Data obtained from you in connection with this SMS service may include your cell phone number, your carrier's name, the date, time and content of your messages and other information you provide to us as part of this service. We may use this information to contact you and to provide the services you request from us.
  9. These mobile terms and conditions as well as the rest of the privacy policy are subject to change at any time without notice.
  10. View our Terms of Use here.

OPTIC GAMING TRIVIA PROMOTION

Recurring messaging through 10/31/17, frequency varies based on user activity. Automated marketing messages will be sent to the phone number provided at entry. Consent is not a condition of purchase or entry. Message & data rates may apply. The wireless carriers are not liable for delayed or undelivered messages. Text HELP for help. Text STOP to cancel. Privacy Policy http://chipotle.com/privacy-policy Official Rules: http://chipotle.com/optictrivia-rules .

DISPUTE RESOLUTION, ARBITRATION CLAUSE AND CLASS ACTION WAIVER

You agree that any claim or dispute at law or equity that has arisen or may arise relating in any way to or arising out of this Privacy Policy will be resolved in accordance with the provisions set forth in this Dispute Resolution section. PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR RIGHTS AND WILL HAVE A SUBSTANTIAL IMPACT ON HOW CLAIMS YOU AND WE HAVE AGAINST EACH OTHER ARE RESOLVED. You agree that whenever you have a disagreement with Chipotle arising out of, connected to, or in any way related to this Privacy Policy, you will send a written notice to Chipotle (“Demand”). You agree that the requirements of this Dispute Resolution section will apply even to disagreements that may have arisen before you accepted this Privacy Policy. You must send the Demand to the following address (the “Notice Address”): Legal Department, Chipotle Mexican Grill c/o CMG Strategy Co., LLC, 1401 Wynkoop Street, Suite 500, Denver, CO 80202. You agree that you will not take any legal action, including filing a lawsuit or demanding arbitration, until 20 business days after you send a Demand. If the disagreement stated in the Demand is not resolved to your satisfaction within 10 business days after it is received, and you intend on taking legal action, you agree that you will file a demand for arbitration with the American Arbitration Association (the “Arbitrator”). This arbitration provision limits the ability of you and Chipotle to litigate claims in court and you and Chipotle each agree to waive your respective rights to a jury trial or a state or federal judge. There is no judge or jury in arbitration, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages), and must follow this Privacy Policy as a court would. You agree that you will not file any lawsuit against Chipotle in any state or federal court. You agree that if you do sue in state or federal court, and Chipotle brings a successful motion to compel arbitration, you must pay all fees and costs incurred by Chipotle in court, including reasonable attorney’s fees. For any such filing of a demand for arbitration, you must effect proper service under the rules of the Arbitrator and notice to the Notice Address may not be sufficient. If, for any reason, the American Arbitration Association is unable to conduct the arbitration, you may file your case with any national arbitration company. The Arbitrator shall apply the AAA Consumer-Related Disputes Supplementary Procedure effective September 15, 2005 (as may be amended) and as modified by the agreement to arbitrate in this Dispute Resolution section. You agree that the Arbitrator will have sole and exclusive jurisdiction over any dispute you have with Chipotle. The Federal Arbitration Act allows for the enforcement of arbitration agreements and governs the interpretation and enforcement of the agreement to arbitrate.

You agree that you will not file a class action or collective action against Chipotle, and that you will not participate in a class action or collective action against them. You agree that you will not join your claims to those of any other person. Notwithstanding any other provision in this Privacy Policy, if this class action waiver is invalidated, then the agreement to arbitrate is null and void, as though it were never entered into, and any arbitration dispute at that time will be dismissed without prejudice and may be refiled in a court. Under no circumstances do you or Chipotle agree to class or collective procedures in arbitration or the joinder of claims in arbitration. Chipotle agrees that we will submit all disputes with you to arbitration before the Arbitrator.

We Have Cookies!

Well, actually, not that kind of cookie. But like many websites, we use cookies for a variety of purposes to improve your visits to our websites. Cookies are pieces of information that a website transfers to the hard drive on your computer for record-keeping purposes. These cookies will allow the website to remember important information that will make your use of the website more convenient. For example, we track the total number of visitors to our websites on an anonymous aggregate basis. We also use cookies so that we remember you when you return to our websites.

You can use the options in your web browser to notify you when you receive a cookie or otherwise change your cookie preferences. Click on the "Help" section of your browser to learn how to make those changes. But remember, if you disable cookies, you may not be able to take advantage of all the exciting features of our websites.

In addition to adjusting the appropriate settings in your browser, many advertising companies that may collect anonymous information for advertising targeting purposes are also members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which provide an opt-out from advertisement targeting by their members. You can find more information on these opt-out capabilities on www.aboutads.info and www.networkadvertising.org.

Our website uses third party cookies from Google Analytics for Demographics and Interest Reporting. This feature gives us insight into behavior information relating to visitor age, gender and interests on an anonymous and aggregate level. This will help us to understand browsing behavior to give you a better experience while visiting our site.

You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings Feature on Google. By clicking Ads Settings, you will be taken out of chipotle.com to a page on Google where you can control the information Google uses to show you ads. In addition, you can use Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.

Sharing of Personal Information

Chipotle uses its best efforts to protect your personally-identifiable information and privacy. We do not sell, transfer or disclose your personal information to any third parties other than for the limited purposes described in this policy.

With your permission, we will send marketing information to you, such as promotional offers or information about new product offerings, programs or restaurant openings. If you do not want to receive this stuff, you can contact us to opt out and we will not send it to you thereafter. Also with your permission, we may occasionally send marketing information to you on behalf of one of our business partners. On our websites, in our restaurants, or elsewhere, we may ask if you want to receive marketing materials from our business partners. If you want to receive this stuff, we’ll send it to you… if you don’t want it, just tell us and you won’t get it. But remember, Chipotle will not share your personal information with any of its business partners. We will just send a mailing, e-mail, text message or similar communication on behalf of the business partner.

Chipotle sometimes contacts other companies for a variety of reasons, such as fulfilling orders, assisting with promotions, and providing technical services for our websites. These companies may have access to personal information if they need it to do their work. However, we will generally obligate these companies to use any personal information only for the purpose of performing their work.

We may, where expressly stated, post certain submissions on our websites. However, we will not include your full name or other personal information identifying you unless you have given us consent to do so

We keep your job inquiries and job applications confidential. However, we may share personal information within our affiliated companies for purposes of evaluating you as a candidate for any openings.

Chipotle does reserve the right to use or disclose any information as needed to satisfy any law, regulation or legal request, to fulfill your requests, or to cooperate in any law enforcement or similar investigation.

Finally, we may also share aggregated or anonymized information that does not directly identify you.

Chipotle’s Privacy Policy Regarding Children

Chipotle is very sensitive to privacy issues regarding kids. We do not intend our websites to collect personal information from kids under the age of 13.

We urge parents to regularly monitor and supervise their children’s on-line activities. Although our website is not intended to collect personal information from kids under the age of 13, to review any personal information that your child may have submitted to Chipotle, to ask us to delete that information or to stop further use of the information, please submit this information on our Talk to Us form.

Access and Opting Out

You are in control of any personal information you give us. If at any time, you want to correct the personal information we have about you, or if you want to change your preferences for contacts from us or on behalf of our business partners, log in, send us an e-mail or a letter. We’re not mind readers you know!

https://order.chipotle.com/Account/MyAccount

Contact Customer Service here: http://chipotle.com/email-us

Chipotle's Privacy Policy
Chipotle Mexican Grill, Inc.
1401 Wynkoop St., Ste. 500
Denver, CO 80202

Chipotle’s Web Site Security

We take reasonable steps to maintain physical, technical and administrative security of personal information you provide to us. Although we take these steps to safeguard your personal information, no system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. In addition, although we generally obligate third parties who support our websites and their related offers or other programs to use any personal information only for the purpose of performing their work, we do not control such third parties’ website or other security measures.

In the event you send Chipotle an e-mail, please remember that the e-mail is not necessarily secured against interception by another party. So if you do not want any sensitive personal information to be subject to this risk (i.e. information that you may supply as part of a job application), please contact us by mail or telephone at:

Chipotle Mexican Grill, Inc.
1401 Wynkoop St., Ste. 500
Denver, CO 80202
(303) 595-4000

Links to Other Websites

Some of our websites offer links to sites other than those maintained by Chipotle. If you visit one of these linked websites, you are then subject to the privacy policies and other policies of the new website and are no longer protected by our policies. We are not responsible for, or able to monitor or control, the policies and practices of other companies.

Changes to Chipotle’s Privacy Policy

From time to time, Chipotle may change this privacy policy. Thus, you should check here periodically to see if anything has changed.

Limitation to Online

This policy applies only to individuals who visit our websites or interact with us through any of our e-mail or mobile campaigns. It does not apply to information which we may collect by means other than through our websites and it does not apply to businesses which may use our websites.

INDEMNIFICATION

You agree to indemnify, defend, and hold harmless Chipotle, its affiliates, its providers, and its officers, directors, employees, attorneys, and agents from and against any and all claims, damages, losses, costs (including reasonable attorneys’ fees), and expenses that arise directly or indirectly out of or from: (1) your breach of this Privacy Policy; and/or (2) your activities in connection with the services and/or materials, programs, and features to which we expressly provide that this Privacy Policy will apply.