Effective Date: August 2007 (last updated December, 23 2022)

Applicability

This Policy describes Jimmy John's online and offline information collection and use practices. This includes for our websites and apps. It applies to information we collect from you when you interact with us. You can print a copy of this policy by clicking here.

Categories of Information We Collect

Listed below are details about the categories of information we collect:

Contact information. We collect your name and phone number. We also collect your street address and email address.

Payment information. We collect payment information when you make a purchase. This might include credit card or debit number.

Demographic information. We collect your gender or age. We collect your zip code. If you complete a survey we may collect your ethnic background and the number and ages of children in your household. We may also collect your household income. We collect location information from website visitors and app users. This may include precise location information.

Biometric information. We do not collect biometric information.

Employment information. We collect name, age, phone number, and address from job applicants and employees. We also collect background check results and drug screening results. We may also collect bank account information.

Site usage information. We collect logs and session data when you visit our website or use our applications. We collect browser and operating system information. We collect what site you came from or what site you visit when you leave us. We collect your IP address. We also collect device identifiers.

Business Purposes for Information Use

We use the categories of information for the business and commercial purposes outlined here:

We use information to respond to your requests. We use contact information to respond to you. We also use contact information to communicate with you about our policies and terms. We use employment information to process your application.

We use information for transactional communications. We use contact and payment information to process payments. We use contact information for order delivery. If you sign up, we use contact information to send you our newsletter. We use contact and demographic information for our loyalty programs.

We use information for marketing purposes. We use contact information to notify you about new products and special offers or new features. This may be by email or text. It may also be on social media platforms. This includes information about Jimmy John's and other Inspire Brand companies. It also includes information we think you would find interesting. We use contact information to notify you if you win a promotion or sweepstakes.

We use information to improve our products and services. We use site usage information to make our website and products better. We use your contact, demographic, and site usage information to customize your experience with us. We use your demographic information for market research.

We use information to protect our company and constituents. We use contact, demographic, and site usage information to protect our company and customers. We use this same information to identify fraud and secure our systems. This includes measures to detect potential fraudulent credit card purchases. We use all categories of information for other purposes as permitted by law.

How We Collect Information

We collect categories of information in the following ways:

We collect information directly from you. We collect your contact, demographic, payment, and biometric information from you. This could be in person. It could also be on our website or one of our apps.

We collect information passively. We use tracking tools to collect site usage and demographic information. Tracking tools include browser cookies and web beacons. We do this on our websites and in emails that we send to you. We collect information about users over time when you use our websites or apps. We have third parties collect personal information this way.

We collect information about you from third parties. We collect contact, demographic, and site usage information from our business partners. Social media platforms give us information about you. We purchase demographic information from third parties. We may collect information about you from other Inspire Brands companies.

We Combine Information

We combine information collected in-person with that we receive online. We may also combine information we get from a third party with information we already have. We also combine information we have with information we get from our related brands.

When We Share Information with Others

We share categories of information as described here:

We share information with related companies. We share information with our affiliates and subsidiaries. These entities include Sonic Drive-In, Arby's, Buffalo Wild Wings. It also includes our parent and other related entities. This includes new brands bought by our parent entity. We will share information with future related companies. Information we share includes contact and payment information. It also includes demographic, biometric, and site usage information.

We share information with vendors who perform services on our behalf. We share contact, demographic, payment, site usage and biometric information.

We share information if we think we have to in order to comply with the law or to protect ourselves. We share information we collect about you to respond to a court order or subpoena. We share information in response to a government agency or investigatory body request. We share information we collect when we investigate potential fraud.

We share information in connection with a business transfer or transaction. If all or part of our business is or was sold, we may share your information as part of that transaction. If there is a merger or acquisition, we may also share your information. If there is a financing or bankruptcy, we may share your information. Parties we share information with include lenders, auditors, and advisors.

We share information as permitted by law and for other reasons we may describe to you.

You Have Certain Choices

We provide you with options on how we use your information, as described here:

You can opt out of receiving our marketing emails. To stop receiving our promotional emails, follow the "unsubscribe" instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we will still send you transactional messages. These include responses to your questions or other necessary information about your account.

You can control cookies and tracking tools. To learn how to manage how we and our vendors use cookies and other tracking tools, and to read our Do Not Track Policy, click here.

ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

These additional disclosures apply only to individuals who reside in California, and are provided pursuant to the California Consumer Privacy Act, as modified by the California Privacy Rights Act of 2020 (the 'CCPA'). If you work for Jimmy John's, please see our California Employee Privacy Notice for additional disclosures. California job applicants can find additional disclosures here.

NOTICE AT COLLECTION

In the past 12 months, we have collected the following categories of personal information listed in the CCPA:

Category of Personal Information Categories of Sources from which Information was Collected Purposes for Collection
Identifiers, including real name, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers

Directly from you or someone you know

Automatically when you use our websites and apps

Advertising networks Data analytics providers

Social networks

Vendors that help us to fulfill and deliver orders, process payments, support our promotions, contests, gift cards, loyalty programs, and sweepstakes, and provide communications, marketing, or other services on our behalf

Affiliates

Jimmy John's franchisees

Customer service

Marketing and advertising

To better understand how users access and use the websites and apps, to improve the Websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

To help maintain the safety, security, and integrity of our websites and apps, databases and other technology assets, as well as your account, orders, and deliveries

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

As part of our application process for potential franchisees, and relationship with current franchisees

Personal records, including name, signature, social security number, address, telephone number, passport number, driver's license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information.

This category includes the information described in Cal. Civ. Code § 1798.80(e).

Directly from you

Vendors that help us to fulfill and deliver orders, process payments, support our promotions, contests, gift cards, loyalty programs, and sweepstakes, and provide communications, marketing, or other services on our behalf

Affiliates

Jimmy John's franchisees

Processing your purchases of or requests for products or services

Maintaining your account with us

Communicating with you, and facilitating communications through our websites and apps.

To support our contests, promotions, loyalty programs, coupons, and sweepstakes

Customer service

Marketing and advertising

To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

To help maintain the safety, security, and integrity of our websites and apps, databases and other technology assets, as well as your account, orders, and deliveries

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

As part of our application process for potential franchisees, and relationship with current franchisees

Characteristics of protected classifications under California or federal law, including birthday, and gender

Directly from you

Affiliates

Customer service

To support our contests, promotions, loyalty programs, coupons, and sweepstakes

Marketing and advertising

To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

To help maintain the safety, security, and integrity of our websites and apps, databases and other technology assets, as well as your account, orders, and deliveries

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Directly from you

Automatically when you use our websites and apps

Vendors that help us to fulfill and deliver orders, process payments, support our promotions, contests, gift cards, loyalty programs, and sweepstakes, and provide communications, marketing, or other services on our behalf

Affiliates

Jimmy John's franchisees

Processing your purchases of or requests for products or services

Communicating with you, and facilitating communications through our websites and apps

To support our contests, promotions, loyalty programs, coupons, and sweepstakes Customer service

Marketing and advertising

Tailoring our content or otherwise personalizing the websites and apps To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Internet or other electronic network activity information, including search history, and information regarding interactions with our websites, applications, or advertisements

Automatically when you use our websites and apps

Internet service providers

Data analytics providers

Vendors that help us to fulfill and deliver orders, and provide communications, marketing, or other services on our behalf

To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

Marketing and advertising

To help maintain the safety, security, and integrity of our websites and apps, databases and other technology assets, as well as your account, orders, and deliveries

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

Customer service

Geolocation data

Automatically when you use our websites and apps

Processing your purchases of or requests for products or services

Customer service

Marketing and advertising

To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

To help maintain the safety, security, and integrity of our websites and apps, databases and other technology assets, as well as your account, orders, and deliveries

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

Audio, electronic, visual, thermal, olfactory, or similar information

WE DO NOT COLLECT

N/A

Professional or employment-related information

If you are a Jimmy John's employee, please see our California Employee Privacy Notice for additional disclosures. Job applicants can find additional disclosures in our California Applicant Privacy Notice.

Directly from you.

As part of our application process for potential franchisees, and relationship with current franchisees

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Inferences used to create a profile reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Drawn from the other categories of Personal information we collect

To support our contests, promotions, loyalty programs, coupons, and sweepstakes

Marketing and advertising

To better understand how users access and use the websites and apps, to improve the websites and apps, to respond to user desires and preferences, auditing, and for other research and analysis

Tailoring our content or otherwise personalizing the websites and apps

As part of our application process for potential franchisees, and relationship with current franchisees

Among the categories listed above are the following categories of sensitive personal information:

Category of Sensitive Personal Information Categories of Sources from which Information was Collected Purposes for Collection

Personal Information that reveals a Social Security, driver's license, state identification card, or passport number

Directly from you.

As part of our application process for potential franchisees, and relationship with current franchisees

Personal Information that reveals an account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

Directly from you

Maintaining your account with us

Personal Information that reveals precise geolocation (location within a radius of 1,850 feet)

Automatically when you use our websites and apps

Processing your purchases of or requests for products or services

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Tailoring our content or otherwise personalizing the websites and apps

In addition to the purposes described above, we may use and disclose any category of personal information or sensitive personal information we collect to respond to law enforcement requests, or as otherwise required or authorized by applicable law, court order, or governmental regulations; to protect our rights and interests and those of others (including our franchisees); to resolve any disputes; to enforce our policies; and to evaluate or conduct a merger, sale, or other acquisition of some or all of our assets.

How Long We Keep Your Personal Information

We keep the categories of personal information described above for as long as is necessary for the purposes described in this Privacy Policy or otherwise authorized by law. This generally means holding the information for as long as one of the following apply:

Where personal information is used for more than one purpose, we will retain it until the purpose with the latest period expires. For more information about our retention policies, please contact us using the contact details below.

How We Disclose, Share, and Sell Personal Information

We disclose personal information as shown below. The first chart shows the categories of personal information we disclose to our service providers and contractors for business or commercial purposes. Although we do not sell personal information in exchange for money, some of the ways in which we disclose personal information for advertising or to our affiliated brands and companies may be considered “sales” or “sharing” under California law. The second chart shows the categories of personal information we share for purposes of cross-context behavioral advertising or otherwise “sell,” as that term is defined under California law. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age

1.Disclosures for a Business or Commercial Purpose

Category of Personal Information Categories of Recipients Purposes for Disclosure
Personal Information

Identifiers

Affiliates

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders, processing payments, supporting our promotions, contests, gift cards or loyalty programs, and providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, or other services on our behalf)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Short-term, transient use, including, but not limited to, non-personalized advertising

Auditing, related to ad impressions

Ensuring security and integrity of personal information

Debugging to identify and repair errors that impair existing intended functionality

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Personal records

Affiliates

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders, processing payments, supporting our promotions, contests, gift cards or loyalty programs, and providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, or other services on our behalf)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Short-term, transient use, including, but not limited to, non-personalized advertising

Auditing, related to ad impressions

Ensuring security and integrity of personal information

Debugging to identify and repair errors that impair existing intended functionality

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Characteristics of protected classifications

Affiliates

Service providers that we use to support our business and operations

Performing services on our behalf (e.g., fulfilling and delivering orders, processing payments, supporting our promotions, contests, gift cards or loyalty programs, and providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, among other services)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Short-term, transient use, including, but not limited to, non-personalized advertising

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Commercial Information

Affiliates

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders, processing payments, supporting our promotions, contests, gift cards or loyalty programs, and providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, among other services)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Short-term, transient use, including, but not limited to, non-personalized advertising

Auditing, related to ad impressionsEnsuring security and integrity of personal information

Debugging to identify and repair errors that impair existing intended functionality

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Internet or other electronic network activity information

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders, processing payments, supporting our promotions, contests, gift cards or loyalty programs, and providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, among other services)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Short-term, transient use, including, but not limited to, non-personalized advertising

Auditing, related to ad impressionsEnsuring security and integrity of personal information

Debugging to identify and repair errors that impair existing intended functionality

Detecting, investigating, or protecting against malicious, deceptive, fraudulent, or illegal activity

Geolocation data

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders)

Short-term, transient use, including, but not limited to, non-personalized advertising

Inferences

Affiliates

Service providers that we use to support our business and operations

Performing services on our behalf (e.g., providing communications, technical, analytical, web hosting, cloud hosting and mobile application support, among other services)

Providing advertising and marketing services (except for cross-context behavioral advertising)

Sensitive Personal Information

Precise geolocation

Service providers that we use to support our business and operations

Processing your purchases of or requests for products or services

Performing services on our behalf (e.g., fulfilling and delivering orders)

2. Sales and Sharing of Personal Information

Category of Personal Information or Sensitive Personal Information Categories of Recipients Purposes for Selling / Sharing

Identifiers

Service Providers

Affiliates

To show you relevant ads

Analytics, data strategy, consultation on, development or improvement of products and services, marketing, advertising, and related services

Personal Records

Service Providers

Affiliates

To show you relevant ads

Analytics, data strategy, consultation on, development or improvement of products and services, marketing, advertising, and related services

Submitting Requests Relating to Your Personal Information

If you are a resident of California, you have the right to submit certain requests relating to your personal information as described below. To exercise any of these rights, please submit a request through our webform here or call us at 1-866-276-6302. Please note that, if you submit a request to know, request to delete, or request to correct, you will be asked to log into your account or to provide 2-3 pieces of personal information that we will match against our records to verify your identity. You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed. An authorized agent may submit a request on your behalf using the webform or toll-free number listed above.

Right to Know. You have the right to know what personal information we have collected about you, which includes:

(1) The categories of personal information we have collected about you, including

(2) The specific pieces of personal information we have collected about you

Right to Delete Your Personal Information. You have the right to request that we delete personal information we collected from you, subject to certain exceptions. Where we use deidentification to satisfy a deletion request, we commit to maintaining and using the information in deidentified form and will not to attempt to reidentify the information.

Right to Correct Inaccurate Information. If you believe that personal information we maintain about you is inaccurate, you have the right to request that we correct that information.

Right to Opt Out of Sales and Sharing of Personal Information. You have the right to opt out of the sale of your personal information, and to request that we do not share your personal information for cross-context behavioral advertising. To opt-out, please click here. If you choose to use the Global Privacy Control (GPC) browser signal, you will be opted out of cookie-based sales or sharing of personal information, and will need to turn it on for each browser you use.

Right to Limit Use and Disclosure of Sensitive Personal Information. To limit our use of your Sensitive personal information, if applicable, please click here.

Rights Related to Automated Decision-Making. You have the right to opt out of automated decision-making, including profiling, that we use to evaluate certain personal aspects relating to your performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Right to Non-Discrimination for the Exercise of Your Privacy Rights. If you choose to exercise any of your privacy rights under the CCPA, you also have the right not to receive discriminatory treatment by us.

Notice of Financial Incentive

We may offer loyalty programs (including Freaky Fast Rewards) that provides benefits such as rewards points and discounts to those who choose to participate. From time to time, we also offer coupons, discount codes, or offers for free products that required a sign-up. Participation equires you to provide some personal information, such as Identifiers, Personal Records, Internet or other electronic network activity information, and Commercial Information. The incentives associated with our loyalty programs are designed to reward loyal customers for continuing to purchase our products. For the terms and conditions applicable to Freaky Fast Rewards, please click here.

We have made a good faith estimate that the value of consumers' personal information provided in connection with our loyalty programs is roughly equivalent to the relevant expenses related to the collection and retention of that personal information. Any difference in price or benefits provided to customers who participate in our loyalty programs is reasonably related to the value of the personal information provided. By joining our loyalty program, you consent to any financial incentive associated with the program. You have the right to withdraw from the financial incentive at any time by cancelling your participation in the loyalty program.

ADDITIONAL DISCLOSURES FOR VIRGINIA RESIDENTS

This Section supplements the other parts of our Privacy Policy, and provides additional information for Virginia consumers, including how to exercise their rights under the Virginia Consumer Data Protection Act ('VCDPA').

A. Additional Information about Certain Data Uses

Targeted Advertising. We may process your personal information for targeted advertising (as the term is defined in the VCDPA). To opt out, please click here.

Sales of Personal Information. We do not sell personal information as defined under the VCDPA.

B. Making a Privacy Rights Request

If you are a resident of Virginia, you have the right to submit certain requests relating to your personal information as described below. To exercise any of these rights, please submit a request through our webform here. Please note that we will need to authenticate your identity before your request can be processed. For authentication, you will be asked to log into your account or to provide 2-3 pieces of personal information that we will match against our records.

Right to Access and Data Portability. You have the right to confirm whether we are processing your personal information, to access your personal information, and to obtain a copy of personal information you provided to us in a portable format.

Right to Correct. You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and our purposes for processing it.

Right to Delete. You have the right to request that we delete your personal information.

Right to Opt Out. Under the VCDPA, you have the right to opt out of the following uses of your personal information:

We do not use your personal information in ways that qualify as sales or profiling under the VCDPA. To opt out of targeted advertising, please submit a request as outlined above.

Right to Appeal. Sometimes we are unable to process requests relating to your personal information, in which case, your request will be denied. If you are a resident of Virginia whose privacy rights request has previously been denied by us and you believe we denied it in error, you may appeal for reconsideration of your request. The link to appeal is found in the email communication we send once your original request is completed.

Please note that if you make a privacy rights request, we will retain a record of your request for recordkeeping purposes.

Nevada residents' rights. We also have disclosure obligations in Nevada. We do not exchange Nevada residents' personal information for money with anyone so they may license or sell the personal information to additional parties. Nevada residents may opt out of the future sale of their information to a third party so that they may license or sell information by emailing us at [email protected]. You may contact us with questions or requests regarding the sale of your information as described below.

WE USE REASONABLE SECURITY MEASURES

The Internet is not 100% secure. We cannot promise that your use of our sites or apps will be completely safe. We encourage you to use caution when using the Internet. This includes not sharing your passwords.

WE STORE INFORMATION IN THE UNITED STATES

If you live outside of the United States, you understand and agree that we may transfer your information to the United States. This site is subject to U.S. laws, which may not afford the same level of protection as those in your country.

THIRD PARTY SITES AND LINKS

If you click on a link to a third-party site, you will be taken to websites we do not control. This includes our pages on social media sites. This policy does not apply to the privacy practices of these websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party practices.

INFORMATION COLLECTION FROM CHILDREN

Our sites and apps are meant for adults. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 13 has given us information, you can email us. You can also write to us at the address listed at the end of this policy. Please mark your inquiries "COPPA Information Request." Parents, you can learn more about how to protect children's privacy on-line here.

CONTACT US

If you have questions about this Policy, you can write to us at:

Jimmy John's Attn: Legal Department, Privacy Counsel,
3 Glenlake Parkway NE, Atlanta, GA 30328.

You can email us at [email protected].

You can call us at 1-866-276-6302.

POLICY UPDATES

We may make changes or updates to this Policy. We will notify you of any material changes to this Policy as required by law. All changes will also be posted on our website. Please check our site periodically for updates.