Privacy

McDonald’s Global Customer Privacy Statement

Last updated: October 17, 2023

I. Introduction

This Privacy Statement describes how McDonald’s in the countries listed below – collect, use, protect and share the personal information of our customers. Customers include those who visit our restaurants, use our websites and mobile apps, and otherwise interact with us.

Some of the countries in which we operate have laws that require us to share specific privacy information with our customers in those countries. As such, this Privacy Statement is comprised of two sections – a globally applicable statement and country-specific addenda for the following countries:

II. Your Privacy Globally

The data controller of your personal information is the McDonald’s entity in the jurisdiction where your personal information is collected (“we” or “us”). Please refer to the applicable country specific addendum for more information.

If you are a customer in a country not listed above, please visit the country’s McDonald’s website for the applicable Privacy Statement.

Many of our restaurants are owned and operated by franchisees, who are independent businessmen and women. This Privacy Statement does not apply to our franchisees or to websites or mobile apps that they operate. Please reference our franchisees’ privacy notices for information on how they collect and use customer information.

  1. Information We Collect
  2. How We Use The Information We Collect
  3. How We Share The Information We Collect
  4. Children's Privacy Notice
  5. Your Choices and Rights
  6. Use Of Our Online Services And Other Technology
  7. Links To Other Websites And Social Media
  8. Information Security
  9. Retention
  10. International Data Transfers
  11. Changes To Our Privacy Statement
  12. How To Contact Us

1.  Information we collect

We may collect personal information about you when you visit our restaurants, use our websites or mobile apps (“online services”), and otherwise interact with us (collectively, “services”). The information we collect falls into three categories: (a) information you provide to us; (b) information we collect through automated methods when you use our services; and (c) information we collect from other sources (read below). 

Generally, you are under no obligation to provide your personal information. However, in certain cases, we may be unable to provide you with our services unless you provide your personal information.

We may combine the information you provide to us with information that we collect through automated methods, and with information we receive from other sources. For example, when you add a method of payment to your profile in our mobile app, we may combine your profile with information we receive from our payment processors or other providers regarding transactions made with the same payment credentials in our restaurants.

We collect information you provide to us

You may provide the following information to us, depending on how you interact with us:

  • personal details, such as your name, postal and email addresses, phone number, birthday information and other contact information, when you register with our online services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services;
  • demographic information such as age or gender;
  • transaction information, including information about the products you buy, prices, method of payment and payment details;
  • account information, such as your username or password (or anything else that identifies you) used to access our online services or to buy or use our products and services;
  • profile information, including products and services you like, or times you prefer to visit us; and
  • other personal information you choose to provide us when you interact with us (including through social media).

We collect information through automated methods

We may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services, or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies in Section 6.

We may collect information about your:

  • internet protocol (IP) address;
  • computer or mobile-device operating system and browser type;
  • type of mobile device and its settings;
  • unique device identifier (UDID) or mobile equipment identifier (MEID) of your mobile device;
  • device and component serial numbers;
  • advertising identifiers (for example, an Identifier for Advertising (IDFA) on Apple devices) or similar identifiers;
  • referring webpage (a page that has led you to ours) or application;
  • online activity on other websites, applications or social media;
  • visits to our restaurants, where recorded using digital technology (e.g. video recordings); and
  • activity related to how you use our online services or in-restaurant technology, such as the pages you visit on our websites or in our mobile apps.

Our online services and in-restaurant technology may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity.  For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings.  If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider.  Some online services and in-restaurant technology may not work properly without information about your location.

We collect information from other sources

We may collect information about you from our business partners and vendors (e.g., food delivery platforms, data providers, or payment processors) or from public sources (e.g., your public social media posts).

Back to Top

Back to Privacy Overview

2. How We Use the Information We Collect

We use the information we collect for the following purposes:

  • to provide our products and services and contract with you, including payment processing and customer support;
  • to manage our relationship with you, including feedback management and for customer surveys;
  • to personalize and improve our products and services and your overall customer experience, in particular by improving our existing technologies and developing new products and services and employing profiling technology (unless we notify you separately thereof, this will not include automated individual decisions that have legal effects for you or similarly significantly affect you); 
  • to provide you with general and personalized electronic and non-electronic direct marketing information and support our targeted advertising initiatives concerning our products and services as well as our business partners’ products and services (including promotions, contests, prize draws, competitions, and sweepstakes);
  • business analytics, including consumer and operations research, to assess the effectiveness of our sales, online service, marketing, and advertising, and to analyze market trends and (future) customer demand;
  • to ensure the security of our online services and in-restaurant technology including the detection, prevention, and investigation of attacks;
  • to protect against, identify and prevent fraud and other crime, claims and other liabilities;
  • to protect the rights, safety, health, and security of our customers, our employees, our franchisees, and the general public, and to protect our property; 
  • to anonymize your information for further internal and external use in a manner that does not identify you;
  • to comply with legal obligations, our policies, or our Standards of Business Conduct; and
  • to establish, exercise or defend a legal claim.

We may use the information we collect about you in other ways, which we will tell you about at the time we collect it or before we begin using it for those other purposes.

If we are established in the EU or the European Economic Area (“EEA”) or are otherwise subject to the General Data Protection Regulation (“GDPR”), we process your personal information on the basis of

  • the necessity to perform a contract we have concluded with you or the necessity to take steps at your request prior to entering into such a contract (Article 6(1)(b) GDPR);
  • our prevailing legitimate interest to personalize and improve your overall customer experience and achieve the purposes set out above (Article 6(1)(f) GDPR);
  • the necessity to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR); or in some cases,
  • your consent for which we may ask you in a separate process (Article 6(1)(a) GDPR).

Back to Top

Back to Privacy Overview

3. How We Share the Information We Collect

We do not sell your personal information and only share your information as described in this Privacy Statement or as otherwise communicated to you at the time we collect your information. Please note that some US state statutes may define a “sale” to include sharing of personal information with third parties for valuable consideration.  Many companies have common arrangements with online advertising networks and analytics companies that may potentially be considered sales under these definitions.  Please reference our Additional Notice for California Consumers in the US Country Specific Addendum (below) for more information.

We may share your personal information with:

  • members of The McDonald's Family consists of McDonald’s Corporation and McDonald’s Global Markets LLC, and their affiliates, and subsidiaries (“McDonald’s Entities”), and franchisees of McDonald’s Entities;
  • vendors who help us operate our business (including information technology service providers and marketing agencies that we use as well as those who use the information to detect or prevent fraud for us, and who may use the information to provide fraud detection and prevention services to others.);
  • public authorities and courts;
  • buyers or other parties involved in a corporate transaction if we decide to sell or transfer all or part of our business;
  • our professional advisers such as our legal representatives, auditors and insurance brokers; and
  • business partners if they are involved in your customer experience, including product or service delivery (e.g., food delivery platforms).

Back to Top

Back to Privacy Overview

4. Children's Privacy Notice

We understand how important it is to protect your privacy when you use our online services. We are especially committed to protecting the privacy of children who visit or use our online services. For more information on how a specific country protects children’s privacy, please review the country specific addendum.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

Back to Top

Back to Privacy Overview

5. Your Choices and Rights

Marketing Communications

If you are subscribed to our marketing communications, you can later opt out by following the opt-out instructions in the marketing communications we send you. You can also generally find your communication preferences with instructions on how to opt out in the profile section of the online services that you use. You may also have the ability to change your communication preferences using your device settings. You can also opt out by contacting us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered. Opting out of one form of communication does not mean you have opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have opted in to receiving them. Please note that if you are receiving communications from a McDonald’s franchisee, then you will need to opt out from them directly.

We do not share personal information with third parties for their own direct marketing purposes, unless you give us permission to do so. When we give you notice, and you consent, we will share your personal information as you direct us to.

Your Personal Information Rights

Under applicable law, you may have the rights (under the conditions and to the extent set out in applicable law):

  • to check whether and what kind of personal information we hold about you and to access or to request copies of such data;
  • to request correction, supplementation, anonymization, blocking or deletion of information about you that is inaccurate, incomplete, outdated, unnecessary, excessive or processed in non-compliance with applicable requirements;
  • to request the restriction of the collection, processing or use of information about you;
  • in certain circumstances, to object for legitimate reasons to the processing of your information or to revoke consent previously granted for the processing while the latter does not affect the lawfulness of processing before the revocation;
  • to request data portability; and
  • to lodge a complaint with the competent authority.

For more information regarding these rights, and the countries where these rights are available, please refer to the country specific addendum.

Back to Top

Back to Privacy Overview

6. Use of Our Online Services and Other Technology

We and our vendors may use cookies, web beacons and other similar technologies on our online services and in other areas related to our business, such as online advertising, to collect information and provide you with the services or products that you have requested.

Cookies and other technologies

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user.

A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.

Please note the following:

  • You might be assigned a cookie when using our online services.
  • We offer certain features that are available only through the use of cookies and other similar technologies.
  • We may use both session (for the duration of your visit) and persistent (for the duration of a fixed period of time) cookies and other tracking technologies.
  • Our online services and other areas related to our business may have web beacons.

Both we and selected third parties (such as our advertising networks) may use these technologies to collect information about your online activities, over time and across third-party websites and devices, and when using our online services to further personalize your experience with us.

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. Select the “Help” section of your browser to learn how to change your cookie preferences. If you disable all cookies, you may not be able to take advantage of all the features available on a website.

Some newer web browsers may have a "Do Not Track" preference that transmits a "Do Not Track" header to the websites you visit with information indicating that you do not want your activity to be tracked. McDonald’s does not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

More information regarding how cookies and related technologies are used in a country in which you are a customer may be available in the country-specific addendum or a cookie preferences section of the online service.

Targeted advertising

When you use our online services, we (and our vendors) may collect information about your activities so that we can provide you with advertising tailored to your interests.

Because we utilize advertising (“ad”) networks, you may notice certain ads on other websites. Ad networks allow us to target the information we send you based on your interests, other information related to you, and contextual means. These ad networks track your online activities over time by collecting information through use of cookies, web beacons, and other technologies. The ad networks use this information to show you advertisements that may be of particular interest to you. The ad networks we utilize may collect information about your visits to websites that also take part in the relevant ad network, such as the pages or advertisements you view and how you use the websites. We use this information, both on our online services and on third-party websites that take part in the ad networks, to provide you with advertising tailored to you, and to help us assess how effective our marketing is.

You can opt out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website . If you choose to opt out, you will continue to receive advertisements but they will not be tailored to your interests. Please refer to the country-specific addendum or a cookie preferences section of the online service for further information on your choices concerning target advertising. Moreover, depending on the type and version of the operating system of your mobile device, you may also be asked whether to enable targeted advertising.

Back to Top

Back to Privacy Overview

7. Links to Other Websites and Social Media

Our online services may offer links to websites that are not run by us but by third parties. If you visit one of these linked websites, you should read the website’s privacy policy, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties. Any information you give to those organizations is dealt with under their privacy policy, terms and conditions, and other policies.

We may also have providers of other apps, tools, widgets and plug-ins (“Plug-Ins”) on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own privacy policies. Please refer to the country-specific addendum for further information on your choices concerning such Plug-Ins.

Back to Top

Back to Privacy Overview

8. Information Security

We are committed to taking appropriate measures designed to keep your personal information secure.  Our technical, organizational and physical measures are designed to protect personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction.  While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.

Back to Top

Back to Privacy Overview

9. Retention

We keep your information for the length of time needed to carry out the purposes outlined in this Privacy Statement and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Statement.

Back to Top

Back to Privacy Overview

10. International Data Transfers

The McDonald’s Family is global in nature with business processes, management structures and technical systems that cross borders. As such, we may share information about you within the McDonald’s Family and transfer it to countries in the world where our vendors or members of the McDonald’s Family are established. Any international data transfers will be in accordance with this Privacy Statement and in compliance with applicable laws.

If we are established in EU/EEA, the UK, or Switzerland, or are otherwise subject to the GDPR or similar laws, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request.

Back to Top

Back to Privacy Overview

McDonald’s Corporation and McDonald’s Global Markets LLC’s participation in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks

McDonald’s Corporation and McDonald’s Global Markets LLC, a wholly-owned subsidiary, participate in and comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension of the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, “DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries, the United Kingdom, and Switzerland. For purposes of this DPF section only, McDonald’s Corporation and McDonald’s Global Markets LLC are each individually and collectively referred as “McDonald’s Global.” McDonald’s Global’s participation in the DPF subjects it to the investigatory and enforcement power of the Federal Trade Commission.

As a DPF participant, McDonald’s Global is committed to and has certified to the U.S. Department of Commerce that it adheres to: (i) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union; (ii) the UK Extension to the EU-US DPF with regard to the processing of personal information received from the United Kingdom; and (iii) the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland.  If there is any conflict between the terms in this Privacy Statement and the  EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search. Please note the following:

  • McDonald’s Global may share personal information that is subject to the DPF Principles with vendors acting as agents to provide services to it, as described above in Section 3. McDonald’s Global may be liable under the DPF if these vendors process such personal information in a manner inconsistent with the DPF, unless McDonald’s Global proves that it is not responsible for the event giving rise to the damage.
  • McDonald’s Global may disclose personal information received in reliance on the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • You have the right to request access to personal information received by McDonald’s Global in reliance on the DPF, and to exercise choice in limiting McDonald’s Global use and disclosure of such information. If you are interested in exercising your rights and choices, please contact McDonald’s Global at the address, phone number or email address below or update your preferences via the cookie banner on our website.

McDonald’s Global privacy practices are provided in this Privacy Statement. McDonald’s Global encourages you to contact it at any time as specified in the Contact Us section below with questions, concerns or complaints about its privacy practices and participation in the DPF. You may also refer a complaint to your local data protection authority and McDonald’s Global will work with them to resolve your concern.

If McDonald’s Global is unable to resolve your concern regarding your personal information received by McDonald’s Global under the DPF, you have the right to direct your unresolved concern to JAMS, an independent dispute resolution service based in the United States, to provide recourse at no charge to you. To seek recourse for an unresolved concern, visit JAMS' DPF Dispute Resolution page. If JAMS is unable to resolve your concern, you may have the right to invoke binding arbitration under certain conditions. To learn more about this option, visit the DPF’s "How to Submit a Complaint" page.

Please note that the foregoing processes apply only to the resolution of disputes regarding personal information received by McDonald’s Global under the DPF. All other disputes that you may have with McDonald’s Global or any other members of the McDonald’s Family, or any agents, representatives, agencies, officers, directors, or employees, must be resolved in accordance with the terms and conditions of any applicable websites, mobile apps, email newsletters, email subscriptions or other digital properties owned or controlled by a member of the McDonald’s Family.

For more information about the DPF program, and to view McDonald’s Global certification, please visit the DPF website.

Back to Top

Back to Privacy Overview

11. Changes To Our Privacy Statement

This Privacy Statement is in effect as of the date noted at the top of the statement.  We may change this Privacy Statement from time to time.  If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement and/or contact you directly where we deem appropriate to do so under applicable law. You should check here regularly for the most up-to-date version of the statement.

Back to Top

Back to Privacy Overview

12. How To Contact Us

In line with our Standards of Business Conduct, we hold ourselves to ethical standards when it comes to data privacy and protection and we welcome any feedback or questions you may have concerning the collection and processing of your personal data. Our contact details and those of our Local Data Protection Offices as well as the contact details of our data protection officer, if appointed, can be found in the country specific addendum. 

The McDonald’s Global Data Protection Office can be reached at
Attention: Global Data Protection Office
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

McDonald’s Corporation has appointed a data protection officer who can be reached at:
Attention: Data Protection Officer
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

Back to Privacy Overview

United States

Last updated: July 1, 2023

McDonald’s USA is committed to protecting the information of our customers. The below is meant to provide additional information regarding our privacy practices in the United States.

Children’s Privacy Notice

We do not knowingly collect personal information through our online services from children under the age of 13. We may offer certain features on our online services, such as games, coloring activities, and digital books, that children can use without providing any personal information. In the future, should we decide to collect personal information from children under 13 through our online services, we will do so in compliance with applicable law, including any notices to and obtaining any consents from parents or guardians that are required by law.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Notice of Financial Incentive

McDonald’s offers the MyMcDonald’s Rewards program. Generally speaking, MyMcDonald’s Rewards participants may receive rewards points for every dollar spent on qualifying purchases (as defined in the MyMcDonald’s Rewards Terms (USA) and via participation in periodic additional points-earning opportunities (such as bonus campaigns). Points may be accumulated and redeemed for purchases of eligible McDonald’s products. Participants may also receive other periodic rewards, such as exclusive offers and a treat during their birthday month. Participants may also receive personalized experiences, rewards or content connected to their use of the MyMcDonald’s Rewards program. The material terms of the MyMcDonald’s Rewards program are contained in the MyMcDonald’s Rewards Terms (USA). Participation in MyMcDonald’s Rewards is subject to those Terms, and we encourage you to read them prior to registering.

McDonald’s collects personal information in connection with providing the MyMcDonald’s Rewards program to consumers. This includes the following categories of personal information:

  • Identifiers, such as participants’ name, email address, (optional) day and month of birth, and MyMcDonald’s Rewards account numbers;
  • Personal information described in Cal. Civil Code § 1798.80(e), such as phone number and payment information (such as payment card details);
  • Commercial information, such as records of members’ purchases, information about actions taken while using the McDonald’s app, and members’ rewards account credentials;
  • Internet or other electronic network information reflecting a participants’ interaction with the McDonald’s app, in-restaurant technologies, or ads in connection with the MyMcDonald’s Rewards program;  
  • Geolocation data, which may be collected if participants enable their devices to collect their location (and which can be disabled at any time in device settings); and
  • Inferences drawn from any of the above categories of information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

McDonald’s may share this personal information with the categories of third parties listed in “How we share the information we collect.” We do not disclose personal information collected in connection with the MyMcDonald’s Rewards program to data brokers. We may disclose certain identifiers such as email addresses and pseudonymized identifiers, information about the use of our websites and apps, and inferences drawn about you to our social media, advertising and analytics partners. Under certain state laws, this may be considered a sale of personal information for consideration. We may also process and share this information for targeted advertising.

McDonald’s benefits financially from the MyMcDonald’s Rewards program through increased customer loyalty and sales, but we do not assign an independent monetary value to the personal information we collect in connection with the program. Further, the precise value each MyMcDonald’s Rewards member receives from the program can vary greatly by individual, and depends on (without limitation) (a) the number of dollars spent and points accumulated, (b) the rewards redeemed, (c) whether someone is a regular or occasional customer of McDonald’s, and (d) whether participants elect to collect points for in-restaurant purchases. Some benefits to participants may also be intangible, such as the ability to streamline the ordering and/or payment process.

In general, however, McDonald’s estimates in good faith that the value of the personal information that McDonald’s collects through the MyMcDonald’s Rewards program would be less than the value that the MyMcDonald’s Rewards program provides to consumers. To the extent McDonald’s calculates the value of the personal information it collects through MyMcDonald’s Rewards, it does so in good faith based on the expenses related to the collection and retention of personal information in connection with the program.

You are given the choice to opt in to the MyMcDonald’s Rewards program when you set up a MyMcDonald’s account. You may also opt in at any time in your profile settings in the McDonald’s app under “MyMcDonald’s Rewards”. You may withdraw from the MyMcDonald’s Rewards program at any time in your profile settings in the McDonald’s app under “MyMcDonald’s Rewards”. Please note that by withdrawing from MyMcDonald’s Rewards, you will no longer have access to MyMcDonald’s Rewards, but you can otherwise continue to use the McDonald’s app. All points and rewards you have earned until the time of withdrawal will no longer be available. If you request that McDonald’s delete your personal information, then the points and rewards you have earned will no longer be available because we will no longer be able to associate you with those points and rewards.

Notice to California residents under 18 years of age

If you are a registered user of online services under the age of 18, and we have actual knowledge of your age, then under California law you may request and obtain removal of certain content or information you have posted on our online services. To do so, please contact us at the address, phone number or email address below. Please note that removal does not ensure complete or comprehensive removal of the content. For example, removal may not be possible or permitted if another provision of law requires the content to be maintained, if it was posted or reposted by others, or if we paid compensation to you in exchange for the posting.

Additional Notice for Consumers in Connecticut, Colorado, Utah, and Virginia

This part of our Privacy Statement applies to consumers who reside in the states of Connecticut, Colorado, Utah and Virginia.

  1. Targeted Advertising. Like many companies, McDonald’s processes personal information for targeted advertising. You can opt-out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website. You can also opt-out of targeted advertising by (a) selecting Do Not Sell or Share My Personal Information and submitting an opt-out request to us, and by (b) selecting Cookie Settings on McDonald’s website and disabling cookies.
  2. Privacy Rights. Under applicable law, you may have the following rights, in each case under the conditions and to the extent set out in applicable law:
  • Right of Access: A right to confirm whether McDonald’s is processing personal information about you, and to request to access such personal information (including, if applicable, in a portable and readily usable format).
  • Right of Correction: A right to correct inaccuracies in certain personal information McDonald’s may hold about you; and
  • Right of Deletion: A right to request that McDonald’s delete personal information concerning you. Please note that if you have requested a service that requires the use of your personal information, we may not be able to provide that service if you choose to delete your personal information.

If any of the above rights are available to you under applicable law, you can submit a request to exercise your rights by visiting the McDonald’s Privacy Rights Center.

If your rights request is denied, applicable law may give you a right to lodge an appeal with us.  The response to your rights request will inform you of any appeal rights you may have, and tell you how you can exercise them.  

Additional Notice for California Consumers

This part of our Privacy Statement applies to consumers who reside in the State of California.

1.  Personal information we collect about California consumers

We describe the personal information we have collected about California consumers in the twelve (12) months preceding the “Last Updated” date of this Privacy Statement in the part titled, “Information we collect.” The information we have obtained includes the following:

  • Identifiers such as name, postal and email addresses, internet protocol (IP) address, social media handles, username, password and other contact information used to register and access McDonald’s products and services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services. The following categories of personal information described in California Civil Code § 1798.80(e):
    • the personal information listed in the preceding bullet point as “identifiers;”
    • signatures;
    • telephone number;
    • payment information (including payment card details or online payment services number and invoicing address) and financial information (such as bank account numbers);
    • physical characteristics or description; and
    • the other information that identifies, relates to, describes, or is capable of being associated with, a particular individual that we describe in “Information we collect.” 
  • Commercial information, including
    • records of products or services purchased or received from McDonald’s;
    • username, password, or other account information used to obtain access to McDonald’s online services;
    • information on actions taken on McDonald’s websites or mobile apps, which may include information about McDonald’s products or services considered and the times you visit our websites or use or mobile apps; and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our websites and mobile apps.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, as well as the information listed above in the section titled “Information we Collect:”
    • computer or mobile-device operating system and browser type;
    • type of mobile device and its settings;
    • unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
    • device and component serial numbers;
    • advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;
    • referring website (a site that has led you to ours) or application;
    • online activity on other websites, applications or social media; and
    • activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.
  • Geolocation data.
  • Characteristics of protected classifications under California or federal law, such as demographic information like age or gender.
  • Audio information from calls placed with customer service centers which may be recorded, and electronic information in the form of Internet or other electronic network activity information as described above.  When you visit our restaurants, we may also capture video information via CCTV cameras that help us monitor restaurant safety.
  • Inferences drawn from
    • the information we collect when you visit our websites, use our apps, interact with our official social media pages, or otherwise interact with us;
    • information we collect, including through third-party suppliers, regarding content and other data posted on the Internet (such as public locations on the Internet); and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
  • Sensitive personal information, such as account login credentials when combined with passwords, and precise geolocation data, as described above. If you win a competition, contest, prize draw, or sweepstakes, we may also collect your social security number and driver’s license or state identification card as part of legal compliance.    

We collect this personal information directly from you when you provide information to us, for example, when registering for or using our online services, logging into Wi-Fi, using our in-restaurant digital channels, entering one of our competitions, or contacting us; from your computer system or mobile device when you use our online services, visit our restaurants, or use in-restaurant technologies; from other companies and organizations, such as our advertising agency partners, social media networks, data brokers, payment processors, and other providers and from publicly available sources.  For more information, please review “Information we collect.

2. Use of personal information

We use the personal information we collect about California consumers for the business purposes disclosed within our Privacy Statement.  For more information, please review “How We Use the Information We Collect.

The business purposes for which we may use personal information about California consumers include:

  • Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • Helping to ensure security and integrity while using personal information as may be reasonably necessary and proportionate, including detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
  • Debugging to identify and repair errors in our systems;
  • Short-term, transient use including contextual customization of ads;
  • Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services. This includes:
    • Conducting internal research to develop and demonstrate technology; and
    • Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.

We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, purposes disclosed elsewhere in this Privacy Statement, or for purposes compatible with the context in which the personal information was collected.

We may de-identify personal information about you or receive de-identified personal information about you, and we may use and disclose such information for any purpose in accordance with applicable law. We will maintain de-identified information in de-identified form, and will not re-identify such information, except in accordance with the requirements of applicable law.  

3.  Disclosures of personal information

As is common practice among businesses that operate Internet websites and mobile apps, within the past 12 months, we may have shared certain identifiers such as email addresses and pseudonymized identifiers, information about the use of our websites and apps, and inferences drawn about you to our social media, advertising, and analytics partners. Under certain state laws, this may be considered to be a sale of personal information for consideration and/or the “sharing” of personal information for cross-context behavioral advertising. We do not disclose personal information of individuals we know to be under the age of 16 to other businesses or third parties for consideration or for cross-context behavioral advertising.

We have disclosed personal information in all or substantially all of the categories identified in this Additional Notice for California Consumers to members of the McDonald’s Family, vendors who provide services to us, in connection with a sale or transfer of all or part of our business, and as otherwise provided in “How we share the information we collect”.

4.  Your California privacy rights

If you are a California resident, you have the following rights.  We will honor requests received to the extent required by applicable law and within the time provided by law.

a.  Right to Access, Right to Correction, and Right to Deletion

  • Right to Access and Right to Know regarding Personal Information.  You have the right to request that we disclose the following to you
    • the categories of Personal Information we have collected about you;
    • the categories of sources from which the Personal Information is collected;
    • our business or commercial purpose for collecting or selling Personal Information; 
    • the categories of third parties with whom we share Personal Information; and
    • the specific pieces of information we have collected about you. 
    • the categories of personal information about you, if any, that we have disclosed for monetary or other valuable consideration and the categories of third parties to which we have disclosed the information, by category or categories of personal information for each third party to which we disclosed the personal information; and
    • the categories of personal information about you that we disclosed for a business purpose.
  • Right to Deletion of Personal Information.  You have the right to request that we delete Personal Information about you that we have collected from you. Please note if you have requested a service that requires the use of your personal information, we may not be able to provide that service if you choose to delete your personal information.
  • Right to Correct. You have the right to request that we correct personal information that we maintain about you that is inaccurate.

For requests made in connection with the Right of Access, Right to Know, Right to Correct, and/or Right of Deletion, please note:

  • as required under applicable law, we must take steps to verify your request before we can provide personal information to you, correct or delete personal information, or otherwise process your request.  To verify your request, you must provide your name, email address, and state of residence, and you may also have the option to provide you phone number.  If we believe we need further information to verify your request as required by law, we may ask you to provide additional information to us.
  • we will process your request within 45 days after receipt of a verifiable request, unless we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law.  If your request involves us providing personal information to you, we may deliver the personal information to you through your account, if you maintain an account with McDonald’s, or electronically or by mail at your option.  If electronically, then we will deliver the information to you or, if you so request and if permitted by law, to another entity, in a portable and, to the extent technically feasible, in a structured, commonly used, machine-readable format that allows you to transmit the information from one entity to another without hindrance.

b.  Right to Opt Out of Sales or Sharing. You have the right to opt out of the disclosure of personal information about you for consideration and the sharing of personal information about you for cross-context behavioral advertising. Select Do Not Sell My Info to be directed to an interactive form through which you may submit an online request to opt-out. To opt-out of collection of information by analytics, advertising, and social media partners, you can select Cookie Settings on McDonald’s website and disable cookies. You can also visit the opt-out tools provided by the Network Advertising Alliance and the Digital Advertising Alliance.

Additionally, McDonald’s will process opt-out requests submitted by a consumer’s opt-out preference signal as required by applicable law.  The technical specifications of a consumer’s opt-out preference signal determine how we process such signals.  For example, if a consumer installs opt-out preference technology on a browser, and the opt-out preference signal it sends is associated solely with a user’s browser, the opt-out will be applied to the browser.  As of the “Last Updated” date of this Privacy Statement, our processing of opt-out preference signals can be considered “frictionless” under California law.

You can learn how to set up and use an opt-out preference signal by visiting the California Attorney General’s CCPA page, and consulting the section titled “Requests not to Sell Personal Information (Right to Opt-Out of Sale).”  You can also consult information published by the California Privacy Protection Agency (CPPA) about how you can set up and use opt-out preference signals.

c. Sensitive Personal Information. McDonald’s does not use or disclose sensitive personal information for purposes that, under applicable law, require us to offer consumers a “Right to Limit” the use or disclosure of sensitive personal information.

d.  Right to Non-Discrimination.  We may not discriminate against you because of your  exercise of any of the foregoing privacy rights, or any other rights under the California Consumer Privacy Act, including by:

  • Denying you goods or services;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to McDonald's by your personal information.

5.  Requests to exercise your rights 

You may request to exercise these rights by:

As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law. 

Metrics Regarding Privacy Requests

The following metrics relate to our handling of California rights requests in the period from January 1, 2022, to December 31, 2022.

Right to Know/Access

  • Requests Received:  228
  • Requests Completed: 221
  • Requests Not Completed*: 7
  • Median Number of Days to Complete: 35

Right to Delete

  • Requests Received: 956
  • Requests Completed: 790
  • Requests Not Completed*: 166
  • Median Number of Days to Complete: 16

Right to Opt Out of Sale or Sharing

  • Requests Received: 4254
  • Requests Completed: 4254
  • Requests Not Completed*: 0
  • Median Number of Days to Complete: 2

There were no instances of partial completion by McDonald’s.

*Requests may not be completed due to factors such as inability to verify the identity of the requestor, or because no personal information was found.

6.  Agent Authorization

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf.  Your agent may contact us as set forth below in How to Contact McDonald’s USA” to make a request on your behalf.  Even if you choose to use an agent, as permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity.

7. Disability Accessibility

If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Privacy Statement – please contact us at accessibility@us.mcd.com.  You can also review our Accessibility Statement.

How to Contact McDonald’s USA

If you have privacy questions specific to McDonald’s USA, you can reach us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

Back to Privacy Overview

Earn points on delivery or pickup via the app

Select a delivery partner to continue
Or, please select your McDelivery option
You are leaving McDonald’s to visit a site not hosted by McDonald’s. Please review the third-party’s privacy policy, accessibility policy, and terms. McDonald’s is not responsible for the content provided by third-party sites.