Privacy

McDonald’s Global Customer Privacy Statement

Last updated: August 18, 2021

I. Introduction

This Privacy Statement describes how McDonald’s in the countries listed below – collect, use, protect and share the personal information of our customers. Customers include those who visit our restaurants, use our websites and mobile apps, and otherwise interact with us.

Some of the countries in which we operate have laws that require us to share specific privacy information with our customers in those countries. As such, this Privacy Statement is comprised of two sections – a globally applicable statement and country-specific addenda for the following countries:

II. Your Privacy Globally

The data controller of your personal information is the McDonald’s entity in the jurisdiction where your personal information is collected (“we” or “us”). Please refer to the applicable country specific addendum for more information.

If you are a customer in a country not listed above, please visit the country’s McDonald’s website for the applicable Privacy Statement.

Many of our restaurants are owned and operated by franchisees, who are independent businessmen and women. This Privacy Statement does not apply to our franchisees or to websites or mobile apps that they operate. Please reference our franchisees’ privacy notices for information on how they collect and use customer information.

  1. Information We Collect
  2. How We Use The Information We Collect
  3. How We Share The Information We Collect
  4. Children's Privacy Notice
  5. Your Choices and Rights
  6. Use Of Our Online Services And Other Technology
  7. Links To Other Websites And Social Media
  8. Information Security
  9. Retention
  10. International Data Transfers
  11. Changes To Our Privacy Statement
  12. How To Contact Us

1.  Information we collect

We may collect personal information about you when you visit our restaurants, use our websites or mobile apps (“online services”), and otherwise interact with us (collectively, “services”). The information we collect falls into three categories: (a) information you provide to us; (b) information we collect through automated methods when you use our services; and (c) information we collect from other sources (read below). 

Generally, you are under no obligation to provide your personal information. However, in certain cases, we may be unable to provide you with our services unless you provide your personal information.

We may combine the information you provide to us with information that we collect through automated methods, and with information we receive from other sources. For example, when you add a method of payment to your profile in our mobile app, we may combine your profile with information we receive from our payment processors or other providers regarding transactions made with the same payment credentials in our restaurants.

We collect information you provide to us

You may provide the following information to us, depending on how you interact with us:

  • personal details, such as your name, postal and email addresses, phone number, birthday information and other contact information, when you register with our online services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services;
  • demographic information such as age or gender;
  • transaction information, including information about the products you buy, prices, method of payment and payment details;
  • account information, such as your username or password (or anything else that identifies you) used to access our online services or to buy or use our products and services;
  • profile information, including products and services you like, or times you prefer to visit us; and
  • other personal information you choose to provide us when you interact with us (including through social media).

We collect information through automated methods

We may use automated technology to collect information from your computer system or mobile device when you visit our restaurants, use our online services, or in-restaurant technology. Automated technology may include cookies, local shared objects, and web beacons. There is more information below about cookies and other technologies in Section 6.

We may collect information about your:

  • internet protocol (IP) address;
  • computer or mobile-device operating system and browser type;
  • type of mobile device and its settings;
  • unique device identifier (UDID) or mobile equipment identifier (MEID) of your mobile device;
  • device and component serial numbers;
  • advertising identifiers (for example, an Identifier for Advertising (IDFA) on Apple devices) or similar identifiers;
  • referring webpage (a page that has led you to ours) or application;
  • online activity on other websites, applications or social media;
  • visits to our restaurants, where recorded using digital technology (e.g. video recordings); and
  • activity related to how you use our online services or in-restaurant technology, such as the pages you visit on our websites or in our mobile apps.

Our online services and in-restaurant technology may collect information about the exact location of your mobile device or computer using geolocation and technology such as GPS, Wi-Fi, Bluetooth, or cell tower proximity.  For most mobile devices and computer systems, you can disable the collection of this information by using the device or web-browser settings.  If you have any questions about how to prevent us from collecting exact information about your location, we recommend you contact your mobile-device service provider, the device manufacturer, or your web-browser provider.  Some online services and in-restaurant technology may not work properly without information about your location.

We collect information from other sources

We may collect information about you from our business partners and vendors (e.g., food delivery platforms, data providers, or payment processors) or from public sources (e.g., your public social media posts).

Back to Top

Back to Privacy Overview

2. How We Use the Information We Collect

We use the information we collect for the following purposes:

  • to provide our products and services and contract with you, including payment processing and customer support;
  • to manage our relationship with you, including feedback management and for customer surveys;
  • to personalize and improve our products and services and your overall customer experience, in particular by improving our existing technologies and developing new products and services and employing profiling technology (unless we notify you separately thereof, this will not include automated individual decisions that have legal effects for you or similarly significantly affect you); 
  • to provide you with general and personalized electronic and non-electronic direct marketing information and support our targeted advertising initiatives concerning our products and services as well as our business partners’ products and services (including promotions, contests, prize draws, competitions, and sweepstakes);
  • business analytics, including consumer and operations research, to assess the effectiveness of our sales, online service, marketing, and advertising, and to analyze market trends and (future) customer demand;
  • to ensure the security of our online services and in-restaurant technology, including the detection, prevention, and investigation of attacks;
  • to protect against, identify and prevent fraud and other crime, claims and other liabilities;
  • to protect the rights, safety, health, and security of our customers, our employees, our franchisees, and the general public, and to protect our property; 
  • to anonymize your information for further internal and external use in a manner that does not identify you;
  • to comply with legal obligations and our Standards of Business Conduct; and
  • to establish, exercise or defend a legal claim; 

We may use the information we collect about you in other ways, which we will tell you about at the time we collect it or before we begin using it for those other purposes.

If we are established in the EU or the European Economic Area (“EEA”) or are otherwise subject to the General Data Protection Regulation (“GDPR”), we process your personal information on the basis of

  • the necessity to perform a contract we have concluded with you or the necessity to take steps at your request prior to entering into such a contract (Article 6(1)(b) GDPR);
  • our prevailing legitimate interest to personalize and improve your overall customer experience and achieve the purposes set out above (Article 6(1)(f) GDPR);
  • the necessity to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR); or in some cases,
  • your consent for which we may ask you in a separate process (Article 6(1)(a) GDPR).

Back to Top

Back to Privacy Overview

3. How We Share the Information We Collect

We do not sell your personal information and only share your information as described in this Privacy Statement or as otherwise communicated to you at the time we collect your information. Please note that some US state statutes may define a “sale” to include sharing of personal information with third parties for valuable consideration.  Many companies have common arrangements with online advertising networks and analytics companies that may potentially be considered sales under these definitions.  Please reference our Additional Notice for California Consumers in the US Country Specific Addendum (below) for more information.

We may share your personal information with:

  • members of the McDonald's Family: The McDonald's Family consists of McDonald’s Corporation and McDonald’s Global Markets LLC, and their affiliates, and subsidiaries (“McDonald’s Entities”), and franchisees of McDonald’s Entities;
  • vendors who help us operate our business (including information technology service providers and marketing agencies that we use as well as those who use the information to detect or prevent fraud for us, and who may use the information to provide fraud detection and prevention services to others);
  • public authority and courts;
  • buyers or other parties involved in a corporate transaction if we decide to sell or transfer all or part of our business;
  • our professional advisers such as our legal representatives, auditors and insurance brokers; and
  • business partners if they are involved in your customer experience, including product or service delivery (e.g., food delivery platforms).

Back to Top

Back to Privacy Overview

4. Children's Privacy Notice

We understand how important it is to protect your privacy when you use our online services. We are especially committed to protecting the privacy of children who visit or use our online services. For more information on how a specific country protects children’s privacy, please review the country specific addendum.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

Back to Top

Back to Privacy Overview

5. Your Choices and Rights

Marketing Communications

If you are subscribed to our marketing communications, you can later opt out by following the opt-out instructions in the marketing communications we send you. You can also generally find your communication preferences with instructions on how to opt out in the profile section of the online services that you use. You may also have the ability to change your communication preferences using your device settings. You can also opt out by contacting us at our Global or Local Data Protection Office using the contact information provided below. If you are contacting a Local Data Protection Office, please choose the office in the country in which you are a customer.

If you do opt out of receiving marketing communications from us, we may still send communications to you about your transactions, any accounts you have with us, and any contests, competitions, prize draws or sweepstakes you have entered. Opting out of one form of communication does not mean you have opted out of other forms as well. For example, if you opt out of receiving marketing emails, you may still receive marketing text messages if you have opted in to receiving them. Please note that if you are receiving communications from a McDonald’s franchisee, then you will need to opt out from them directly.

We do not share personal information with third parties for their own direct marketing purposes, unless you give us permission to do so. When we give you notice, and you consent, we will share your personal information as you direct us to.

Your Personal Information Rights

Under applicable law, you may have the rights (under the conditions and to the extent set out in applicable law):

  • to check whether and what kind of personal information we hold about you and to access or to request copies of such data;
  • to request correction, supplementation, anonymization, blocking or deletion of information about you that is inaccurate, incomplete, outdated, unnecessary, excessive or processed in non-compliance with applicable requirements;
  • to request the restriction of the collection, processing or use of information about you;
  • in certain circumstances, to object for legitimate reasons to the processing of your information or to revoke consent previously granted for the processing while the latter does not affect the lawfulness of processing before the revocation;
  • to request data portability; and
  • to lodge a complaint with the competent authority.

For more information regarding these rights, and the countries where these rights are available, please see the country specific addendum. You can also visit the GDPR Rights Center or the CCPA Rights Center, as applicable.

Back to Top

Back to Privacy Overview

6. Use of Our Online Services and Other Technology

We and our vendors may use cookies, web beacons and other similar technologies on our online services and in other areas related to our business, such as online advertising, to collect information and provide you with the services or products that you have requested.

Cookies and other technologies

A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and is used to remember and/or obtain information about the user.

A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. They are also sometimes referred to as pixels and tags.

Please note the following:

  • You might be assigned a cookie when using our online services.
  • We offer certain features that are available only through the use of cookies and other similar technologies.
  • We may use both session (for the duration of your visit) and persistent (for the duration of a fixed period of time) cookies and other tracking technologies.
  • Our online services and other areas related to our business may have web beacons.

Both we and selected third parties (such as our advertising networks) may use these technologies to collect information about your online activities, over time and across third-party websites and devices, and when using our online services to further personalize your experience with us.

Use the options in your web browser if you do not wish to receive a cookie or if you wish to set your browser to notify you when you receive a cookie. Select the “Help” section of your browser to learn how to change your cookie preferences. If you disable all cookies, you may not be able to take advantage of all the features available on a website.

Some newer web browsers may have a "Do Not Track" preference that transmits a "Do Not Track" header to the websites you visit with information indicating that you do not want your activity to be tracked. McDonald’s does not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

More information regarding how cookies and related technologies are used in a country in which you are a customer may be available in the country-specific addendum or a cookie preferences section of the online service.

Targeted advertising

When you use our online services, we (and our vendors) may collect information about your activities so that we can provide you with advertising tailored to your interests.

Because we utilize advertising (“ad”) networks, you may see certain ads on other websites. Ad networks allow us to target the information we send you based on your interests, other information related to you, and contextual means. These ad networks track your online activities over time by collecting information through use of cookies, web beacons, and other technologies. The ad networks use this information to show you advertisements that may be of particular interest to you. The ad networks we utilize may collect information about your visits to websites that also take part in the relevant ad network, such as the pages or advertisements you view and how you use the websites. We use this information, both on our online services and on third-party websites that take part in the ad networks, to provide you with advertising tailored to you, and to help us assess how effective our marketing is.

You can opt out of targeted advertising by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website . If you choose to opt out, you will continue to receive advertisements but they will not be tailored to your interests. Please refer to the country-specific addendum or a cookie preferences section of the online service for further information on your choices concerning target advertising. Moreover, depending on the type and version of the operating system of your mobile device, you may also be asked whether to enable targeted advertising.

Back to Top

Back to Privacy Overview

7. Links to Other Websites and Social Media

Our online services may offer links to websites that are not run by us but by third parties. If you visit one of these linked websites, you should read the website’s privacy policy, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties. Any information you give to those organizations is dealt with under their privacy policy, terms and conditions, and other policies.

We may also have providers of other apps, tools, widgets and plug-ins (“Plug-Ins”) on our online services, such as Facebook “Like” buttons, which may also use automated methods to collect information about how you use these features. These organizations may use your information in line with their own privacy policies. Please refer to the country-specific addendum for further information on your choices concerning such Plug-Ins.

Back to Top

Back to Privacy Overview

8. Information Security

We are committed to taking appropriate measures designed to keep your personal information secure.  Our technical, organizational and physical measures are designed to protect personal information from accidental, unlawful or unauthorized loss, access, disclosure, use, alteration, or destruction.  While we make efforts to protect our information systems, no website, mobile application, computer system, or transmission of information over the internet or any other public network can be guaranteed to be 100% secure.

Back to Top

Back to Privacy Overview

9. Retention

We keep your information for the length of time needed to carry out the purposes outlined in this Privacy Statement and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Statement.

Back to Top

Back to Privacy Overview

10. International Data Transfers

The McDonald’s Family is global in nature with business processes, management structures and technical systems that cross borders. As such, we may share information about you within the McDonald’s Family and transfer it to countries in the world where our vendors or members of the McDonald’s Family are established. Any international data transfers will be in accordance with this Privacy Statement and in compliance with applicable laws.

If we are established in Switzerland or in the EU/EEA or are otherwise subject to the GDPR or similar laws, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request. 

McDonald’s Corporation and McDonald’s Global Markets LLC’s participation in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

On 16 July 2020, the European Court of Justice ruled that the Commission Implementing Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield is invalid.

Notwithstanding the above, McDonald’s Corporation and McDonald’s Global Markets LLC, a wholly-owned subsidiary, participate in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) administered by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. For purposes of this Privacy Shield section only, McDonald’s Corporation and McDonald’s Global Markets LLC are each individually and collectively referred to as “McDonald’s Global”. McDonald’s Global’s participation in the Privacy Shield subjects it to the investigatory and enforcement power of the Federal Trade Commission. You can view a complete list of all Privacy Shield participants, including McDonald’s Global, at the Privacy Shield participant's page.

As a Privacy Shield participant, McDonald’s Global is committed to and has certified that it adheres to the Privacy Shield Principles for all personal information received from the European Union and Switzerland in reliance on the Privacy Shield. Please note the following:

  • McDonald’s Global may share personal information that is subject to the Privacy Shield Principles with vendors who provide services to it, as described above in Section 3. McDonald’s Global may be liable under the Privacy Shield if these vendors process such personal information in a manner inconsistent with the Privacy Shield and McDonald’s Global is responsible for the event giving rise to the damage.
  • McDonald’s Global may disclose personal information received in reliance on the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • You have the right to request access to personal information received by McDonald’s Global in reliance on the Privacy Shield, and to exercise choice in limiting McDonald’s Global use and disclosure of such information. If you are interested in exercising your right and choice, please contact McDonald’s Global at the address, phone number or email address below.

McDonald’s Global privacy practices are provided in this Privacy Statement. McDonald’s Global encourages you to contact it at any time with questions, concerns or complaints about its privacy practices and participation in the Privacy Shield; simply use the address, phone number or email address provided below. You may also refer a complaint to your local data protection authority and McDonald’s Global will work with them to resolve your concern.

If McDonald’s Global is unable to resolve your concern regarding your personal information received by McDonald’s Global under the Privacy Shield, you have the right to direct your unresolved concern to JAMS, an independent dispute resolution service based in the United States, to provide recourse at no charge to you. To seek recourse for an unresolved concern, visit JAMS' Privacy Shield Dispute Resolution page . If JAMS is unable to resolve your concern, you may have the right to invoke binding arbitration under certain conditions. To learn more about this option, visit the Privacy Shield "How to Submit a Complaint" page.

Please note that the foregoing processes apply only to the resolution of disputes regarding personal information received by McDonald’s Global under the Privacy Shield. All other disputes that you may have with McDonald’s Global or any other members of the McDonald’s Family, or any agents, representatives, agencies, officers, directors, or employees, must be resolved in accordance with the terms and conditions of any applicable websites, mobile apps, email newsletters, email subscriptions or other digital properties owned or controlled by a member of the McDonald’s Family.

For more information about the Privacy Shield program, and to view McDonald’s Global certification, please visit the Privacy Shield website.

Back to Top

Back to Privacy Overview

11. Changes To Our Privacy Statement

This Privacy Statement is in effect as of the date noted at the top of the statement.  We may change this Privacy Statement from time to time.  If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement and/or contact you directly where we deem appropriate to do so under applicable law. You should check here regularly for the most up-to-date version of the statement.

Back to Top

Back to Privacy Overview

12. How To Contact Us

In line with our Standards of Business Conduct, we hold ourselves to ethical standards when it comes to data privacy and protection and we welcome any feedback or questions you may have concerning the collection and processing of your personal data. Our contact details and those of our Local Data Protection Office as well as the contact details of our data protection officer, if appointed, can be found in the country specific addendum. To exercise your rights under the GDPR, please visit the GDPR Rights Center.

The McDonald’s Global Data Protection Office can be reached at
Attention: Global Data Protection Office
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

McDonald’s Corporation has appointed a data protection officer who can be reached at:
Attention: Data Protection Officer
Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

Back to Privacy Overview

United States

Last updated: August 18, 2021

McDonald’s USA is committed to protecting the information of our customers. The below is meant to provide additional information regarding our privacy practices in the United States.

Children’s Privacy Notice

We do not knowingly collect personal information through our online services from children under the age of 13. We may offer certain features on our online services, such as games, coloring activities, and digital books, that children can use without providing any personal information. In the future, should we decide to collect personal information from children under 13 through our online services, we will do so in compliance with applicable law, including any notices to and obtaining any consents from parents or guardians that are required by law.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Notice to California residents under 18 years of age

If you are a registered user of online services under the age of 18, and we have actual knowledge of your age, then under California law you may request and obtain removal of certain content or information you have posted on our online services. To do so, please contact us at the address, phone number or email address below. Please note that removal does not ensure complete or comprehensive removal of the content. For example, removal may not be possible or permitted if another provision of law requires the content to be maintained, if it was posted or reposted by others, or if we paid compensation to you in exchange for the posting.

Additional Notice for California Consumers

This part of our Privacy Statement applies to consumers who reside in the State of California.

1.  Personal information we collect about California consumers

We describe the personal information we have collected about California consumers in the twelve (12) months preceding the “Last Updated” date of this Privacy Statement in the part titled, “Information we collect.” The information we have obtained includes the following:

  • Identifiers such as name, postal and email addresses, internet protocol (IP) address, social media handles, username, password and other contact information used to register and access McDonald’s products and services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services. The following categories of personal information described in California Civil Code § 1798.80(e):
    • the personal information listed in the preceding bullet point as “identifiers;”
    • signatures;
    • telephone number;
    • payment information (including payment card details or online payment services number and invoicing address) and financial information (such as bank account numbers);
    • physical characteristics or description; and
    • the other information that identifies, relates to, describes, or is capable of being associated with, a particular individual that we describe in “Information we collect.” 
  • Commercial information, including
    • records of products or services purchased or received from McDonald’s;
    • username, password, or other account information used to obtain access to McDonald’s online services;
    • information on actions taken on McDonald’s websites or mobile apps, which may include information about McDonald’s products or services considered and the times you visit our websites or use or mobile apps; and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our websites and mobile apps.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, as well as the information listed above in the section titled “Information we Collect:”
    • computer or mobile-device operating system and browser type;
    • type of mobile device and its settings;
    • unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
    • device and component serial numbers;
    • advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;
    • referring website (a site that has led you to ours) or application;
    • online activity on other websites, applications or social media; and
    • activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.
  • Geolocation data.
  • Characteristics of protected classifications under California or federal law, such as demographic information like age or gender.
  • Audio information from calls placed with customer service centers which may be recorded, and electronic information in the form of Internet or other electronic network activity information as described above.  When you visit our restaurants, we may also capture video information via CCTV cameras that help us monitor restaurant safety.
  • Inferences drawn from
    • the information we collect when you visit our websites, use our apps, interact with our official social media pages, or otherwise interact with us;
    • information we collect, including through third-party suppliers, regarding content and other data posted on the Internet (such as public locations on the Internet); and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

We collect this personal information directly from you when you provide information to us, for example, when registering for or using our online services, logging into Wi-Fi, using our in-restaurant digital channels, entering one of our competitions, or contacting us; from your computer system or mobile device when you use our online services, visit our restaurants, or use in-restaurant technologies; from other companies and organizations, such as our advertising agency partners, social media networks, data brokers, payment processors, and other providers and from publicly available sources.  For more information, please review “Information we collect.

2. Use of personal information

We use the personal information we collect about California consumers for the business purposes disclosed within our Privacy Statement.  For more information, please review “How We Use the Information We Collect.

The business purposes for which we may use personal information about California consumers include:

  • Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
  • Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
  • Debugging to identify and repair errors in our systems;
  • Short-term, transient use including contextual customization of ads;
  • Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services. This includes:
    • Conducting internal research to develop and demonstrate technology; and
    • Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.

We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, purposes disclosed elsewhere in this Privacy Statement, or for purposes compatible with the context in which the personal information was collected.

3.  Disclosures of personal information

As is common practice among businesses that operate Internet websites and mobile apps, within the past 12 months, we may have shared certain identifiers such as email addresses and pseudonymized identifiers, information about the use of our websites and apps, and inferences drawn about you to our social media, advertising, and analytics partners.  Under certain state laws, this may be considered to be a sale of personal information for consideration.  We do not disclose personal information of individuals we know to be under the age of 16 to other businesses or third parties for consideration.

We have disclosed personal information in all or substantially all of the categories identified in this Additional Notice for California Consumers to members of the McDonald’s Family, vendors who provide services to us, in connection with a sale or transfer of all or part of our business, and as otherwise provided in “How we share the information we collect” and “How do you share personal information?”

4.  Your California privacy rights

If you are a California resident, you have the following rights.  We will honor requests received to the extent required by applicable law and within the time provided by law.

a.  Right to Access, Right to Know, and Right to Deletion

  • Right to Access and Right to Know regarding Personal Information.  You have the right to request that we disclose the following to you, in each case in the twelve-month period preceding your request:
    • the categories of Personal Information we have collected about you;
    • the categories of sources from which the Personal Information is collected;
    • our business or commercial purpose for collecting or selling Personal Information; 
    • the categories of third parties with whom we share Personal Information; and
    • the specific pieces of information we have collected about you. 
    • the categories of personal information about you, if any, that we have disclosed for monetary or other valuable consideration and the categories of third parties to which we have disclosed the information, by category or categories of personal information for each third party to which we disclosed the personal information; and
    • the categories of personal information about you that we disclosed for a business purpose.
  • Right to Deletion of Personal Information.  You have the right to request that we delete Personal Information about you that we have collected from you.

For requests made in connection with the Right of Access, Right to Know, and/or Right of Deletion, please note:

  • as required under applicable law, we must take steps to verify your request before we can provide personal information to you, delete personal information, or otherwise process your request.  To verify your request, you must provide your name, email address, and state of residence, and you may also have the option to provide you phone number.  If we believe we need further information to verify your request as required by law, we may ask you to provide additional information to us.
  • we will process your request within 45 days after receipt of a verifiable request, unless
    we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law.  If your request involves us providing personal information to you, we may deliver the personal information to you through your account, if you maintain an account with McDonald’s, or electronically or by mail at your option.  If electronically, then we will deliver the information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information from one entity to another without hindrance.

b.  Right to Opt Out.  You have the right to opt out of the disclosure of personal information about you for consideration. Select Do Not Sell My Info to be directed to an interactive form through which you may submit an online request to opt-out. To opt-out of collection of information by analytics, advertising, and social media partners, you can use our preferences management tool on www.mcdonalds.com, and also visit the opt-out tools provided by the Network Advertising Alliance and the Digital Advertising Alliance.

c.  Right to Non-Discrimination.  We may not discriminate against you because of your  exercise of any of the foregoing privacy rights, or any other rights under the California Consumer Privacy Act, including by:

  • Denying you goods or services;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to McDonald's by your personal information.

5.  Requests to exercise your rights 

You may request to exercise these rights by:

  • Submitting a request through CCPA Rights Center
  • Calling us toll-free at 888-511-9903. 

As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law. 

6.  Agent Authorization

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf.  Your agent may contact us as set forth below in How to Contact McDonald’s USA” to make a request on your behalf.  Even if you choose to use an agent, as permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity.

7. Disability Accessibility

If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Privacy Statement – please contact us at accessibility@us.mcd.com.  You can also review our Accessibility Statement.

Do Not Track

Please note that our Web sites and mobile apps are not designed to respond to "do not track" requests from Web browsers.

How to Contact McDonald’s USA

If you have privacy questions specific to McDonald’s USA, you can reach us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

Back to Privacy Overview

United States

Last updated: August 18, 2021

McDonald’s USA is committed to protecting the information of our customers. The below is meant to provide additional information regarding our privacy practices in the United States.

Children’s Privacy Notice

We do not knowingly collect personal information through our online services from children under the age of 13. We may offer certain features on our online services, such as games, coloring activities, and digital books, that children can use without providing any personal information. In the future, should we decide to collect personal information from children under 13 through our online services, we will do so in compliance with applicable law, including any notices to and obtaining any consents from parents or guardians that are required by law.

We urge parents to regularly monitor and supervise their children's online activities. If you have any questions about our children’s privacy practices, please contact us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Notice to California residents under 18 years of age

If you are a registered user of online services under the age of 18, and we have actual knowledge of your age, then under California law you may request and obtain removal of certain content or information you have posted on our online services. To do so, please contact us at the address, phone number or email address below. Please note that removal does not ensure complete or comprehensive removal of the content. For example, removal may not be possible or permitted if another provision of law requires the content to be maintained, if it was posted or reposted by others, or if we paid compensation to you in exchange for the posting.

Additional Notice for California Consumers

This part of our Privacy Statement applies to consumers who reside in the State of California.

1.  Personal information we collect about California consumers

We describe the personal information we have collected about California consumers in the twelve (12) months preceding the “Last Updated” date of this Privacy Statement in the part titled, “Information we collect.” The information we have obtained includes the following:

  • Identifiers such as name, postal and email addresses, internet protocol (IP) address, social media handles, username, password and other contact information used to register and access McDonald’s products and services, log-in to Wi-Fi, enter one of our competitions, or contact us by phone or through our online services. The following categories of personal information described in California Civil Code § 1798.80(e):
    • the personal information listed in the preceding bullet point as “identifiers;”
    • signatures;
    • telephone number;
    • payment information (including payment card details or online payment services number and invoicing address) and financial information (such as bank account numbers);
    • physical characteristics or description; and
    • the other information that identifies, relates to, describes, or is capable of being associated with, a particular individual that we describe in “Information we collect.” 
  • Commercial information, including
    • records of products or services purchased or received from McDonald’s;
    • username, password, or other account information used to obtain access to McDonald’s online services;
    • information on actions taken on McDonald’s websites or mobile apps, which may include information about McDonald’s products or services considered and the times you visit our websites or use or mobile apps; and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to target consumers for digital advertisements or to personalize content we deliver on our websites and mobile apps.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement, as well as the information listed above in the section titled “Information we Collect:”
    • computer or mobile-device operating system and browser type;
    • type of mobile device and its settings;
    • unique device identifier (UDID) or mobile equipment identifier (MEID) for your mobile device;
    • device and component serial numbers;
    • advertising identifiers (for example, IDFAs and IFAs) or similar identifiers;
    • referring website (a site that has led you to ours) or application;
    • online activity on other websites, applications or social media; and
    • activity related to how you use our online services, such as the pages you visit on our sites or in our mobile apps.
  • Geolocation data.
  • Characteristics of protected classifications under California or federal law, such as demographic information like age or gender.
  • Audio information from calls placed with customer service centers which may be recorded, and electronic information in the form of Internet or other electronic network activity information as described above.  When you visit our restaurants, we may also capture video information via CCTV cameras that help us monitor restaurant safety.
  • Inferences drawn from
    • the information we collect when you visit our websites, use our apps, interact with our official social media pages, or otherwise interact with us;
    • information we collect, including through third-party suppliers, regarding content and other data posted on the Internet (such as public locations on the Internet); and
    • information about consumer preferences and behavior that we collect on our websites and mobile apps or purchase from third parties in order to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

We collect this personal information directly from you when you provide information to us, for example, when registering for or using our online services, logging into Wi-Fi, using our in-restaurant digital channels, entering one of our competitions, or contacting us; from your computer system or mobile device when you use our online services, visit our restaurants, or use in-restaurant technologies; from other companies and organizations, such as our advertising agency partners, social media networks, data brokers, payment processors, and other providers and from publicly available sources.  For more information, please review “Information we collect.

2. Use of personal information

We use the personal information we collect about California consumers for the business purposes disclosed within our Privacy Statement.  For more information, please review “How We Use the Information We Collect.

The business purposes for which we may use personal information about California consumers include:

  • Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
  • Detecting and protecting against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
  • Debugging to identify and repair errors in our systems;
  • Short-term, transient use including contextual customization of ads;
  • Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services. This includes:
    • Conducting internal research to develop and demonstrate technology; and
    • Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.

We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, purposes disclosed elsewhere in this Privacy Statement, or for purposes compatible with the context in which the personal information was collected.

3.  Disclosures of personal information

As is common practice among businesses that operate Internet websites and mobile apps, within the past 12 months, we may have shared certain identifiers such as email addresses and pseudonymized identifiers, information about the use of our websites and apps, and inferences drawn about you to our social media, advertising, and analytics partners.  Under certain state laws, this may be considered to be a sale of personal information for consideration.  We do not disclose personal information of individuals we know to be under the age of 16 to other businesses or third parties for consideration.

We have disclosed personal information in all or substantially all of the categories identified in this Additional Notice for California Consumers to members of the McDonald’s Family, vendors who provide services to us, in connection with a sale or transfer of all or part of our business, and as otherwise provided in “How we share the information we collect” and “How do you share personal information?”

4.  Your California privacy rights

If you are a California resident, you have the following rights.  We will honor requests received to the extent required by applicable law and within the time provided by law.

a.  Right to Access, Right to Know, and Right to Deletion

  • Right to Access and Right to Know regarding Personal Information.  You have the right to request that we disclose the following to you, in each case in the twelve-month period preceding your request:
    • the categories of Personal Information we have collected about you;
    • the categories of sources from which the Personal Information is collected;
    • our business or commercial purpose for collecting or selling Personal Information; 
    • the categories of third parties with whom we share Personal Information; and
    • the specific pieces of information we have collected about you. 
    • the categories of personal information about you, if any, that we have disclosed for monetary or other valuable consideration and the categories of third parties to which we have disclosed the information, by category or categories of personal information for each third party to which we disclosed the personal information; and
    • the categories of personal information about you that we disclosed for a business purpose.
  • Right to Deletion of Personal Information.  You have the right to request that we delete Personal Information about you that we have collected from you.

For requests made in connection with the Right of Access, Right to Know, and/or Right of Deletion, please note:

  • as required under applicable law, we must take steps to verify your request before we can provide personal information to you, delete personal information, or otherwise process your request.  To verify your request, you must provide your name, email address, and state of residence, and you may also have the option to provide you phone number.  If we believe we need further information to verify your request as required by law, we may ask you to provide additional information to us.
  • we will process your request within 45 days after receipt of a verifiable request, unless
    we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law.  If your request involves us providing personal information to you, we may deliver the personal information to you through your account, if you maintain an account with McDonald’s, or electronically or by mail at your option.  If electronically, then we will deliver the information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information from one entity to another without hindrance.

b.  Right to Opt Out.  You have the right to opt out of the disclosure of personal information about you for consideration. Select Do Not Sell My Info to be directed to an interactive form through which you may submit an online request to opt-out. To opt-out of collection of information by analytics, advertising, and social media partners, you can use our preferences management tool on www.mcdonalds.com, and also visit the opt-out tools provided by the Network Advertising Alliance and the Digital Advertising Alliance.

c.  Right to Non-Discrimination.  We may not discriminate against you because of your  exercise of any of the foregoing privacy rights, or any other rights under the California Consumer Privacy Act, including by:

  • Denying you goods or services;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to McDonald's by your personal information.

5.  Requests to exercise your rights 

You may request to exercise these rights by:

  • Submitting a request through CCPA Rights Center
  • Calling us toll-free at 888-511-9903. 

As required or permitted under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law. 

6.  Agent Authorization

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf.  Your agent may contact us as set forth below in How to Contact McDonald’s USA” to make a request on your behalf.  Even if you choose to use an agent, as permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity.

7. Disability Accessibility

If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Privacy Statement – please contact us at accessibility@us.mcd.com.  You can also review our Accessibility Statement.

Do Not Track

Please note that our Web sites and mobile apps are not designed to respond to "do not track" requests from Web browsers.

How to Contact McDonald’s USA

If you have privacy questions specific to McDonald’s USA, you can reach us at:

Privacy at McDonald's, Dept. 282
110 North Carpenter Street
Chicago, IL 60607-2101, USA
contact.privacy@us.mcd.com

Back to Top

Back to Privacy Overview