Privacy Policy
Line Descending

Privacy Policy

Line Ascending

Nando's New Zealand Privacy Policy


  1. Introduction
    1. Nando’s New Zealand Limited, NNZ Restaurants Limited and the related companies of Nando’s New Zealand Limited and NNZ Restaurants Limited (collectively referred to as Nando’s, we, us or our) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information and are committed to protecting the privacy of personal information in accordance with the Privacy Act 1993 (Act).
  2. This Privacy Policy does not limit or exclude any of your rights under the Act and if you would like further information regarding the Act please visit www.privacy.org.nz.
  3. This Privacy Policy sets out Nando’s approach to handling personal information, and how each Nando’s restaurant franchise owner (a Nando’s Franchisee) is expected to handle your personal information in the operation of their individually owned Nando’s restaurant, including how we collect, use, store and keep secure, disclose and provide access to your personal information.
  4. The scope of this Privacy Policy covers the personal information handling practices of restaurants owned and operated by Nando’s in New Zealand. Nando’s does not control the collection, use, storage or disclosure of, and may not have access to, the personal information held by Nando’s Franchisees. Each Nando’s Franchisee is separately and solely responsible for ensuring that your personal information collected by them is handled in accordance with this Privacy Policy and the Act.
  5. This Privacy Policy forms part of our Online Ordering Terms of Use, the PERi-Perks Terms and Conditions and the conditions of use for the www.nandos.co.nz website (the Website) and other websites that may be operated by us from time to time, which you should also read.
  6. What is personal information?
    1. When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, gender, date of birth, address, telephone number, email address and occupation.
  7. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
  8. What personal information do we collect and how is it collected?
    1. We will collect your personal information in a fair and lawful manner. Where it is possible and practical to do so, we will collect your personal information from you directly, and only to the extent that we reasonably require the personal information for one or more of our business functions or activities, to provide you with a Nando’s product or service or to determine your suitability as a Nando’s franchisee or employee (where appropriate).
  9. The kinds of personal information we may collect from you will depend on what type of interaction you have with us, which may, amongst other things, include:
    1. personal information that you provide to us when you participate in a promotion, competition, survey or market research, when you engage with us through message (e.g. SMS, MMS or other mobile service), telephone or email, when you subscribe to our mailing list, participate in our loyalty program(s) and contribute to or interact with our online forums or social media pages (e.g. Facebook, Twitter, LinkedIn or Instagram) or use the Website, Nando’s mobile application or delivery services. This information may include, for example, your full name, postal and physical address, email address, telephone numbers, age, birth date, loyalty membership details, menu preferences, previous order information, social media handles, payment methods, credit card details, photographs, Internet Protocol (IP), cookies and web beacons (described in the section titled “Cookies and Web Beacons”), demographic data and other identifying information you choose to provide;
  10. personal information that you provide to us via our restaurants when you place an order with a restaurant (in person, by telephone or through an online ordering system), purchase a gift card or logon to wi-fi provided by a restaurant. This information may include, for example, your full name, postal and physical address, email address, telephone numbers, age, birth date, loyalty membership details, menu preferences, previous order information, payment methods, credit card details, IP address, cookies and web beacons (described in the section titled “Cookies and Web Beacons”) and your demographic and other data for market research, advertising and promotional purposes;
  11. personal information that you provide to us via telephone, email, the Website, the Nando’s mobile application or in person when you make a request or enquiry or submit a compliment, complaint or feedback. This information may include, for example, your full name, postal and physical address, email address, telephone numbers, age, birth date, loyalty membership details, menu preferences, previous order information, payment methods, credit card details, photographs, IP address and cookies and web beacons (described in the section titled “Cookies and Web Beacons”);
  12. information regarding your interests, preferences, purchasing behaviour and experience with our products and services, together with any additional information necessary to deliver those products and services to you and to respond to your enquiries;
  13. information detailed in the section titled “Employment Applications” if you are applying for an employment position with Nando’s;
  14. information detailed in the section titled “Franchise Applications” if you are applying to become a franchisee with Nando’s;
  15. any additional information relating to you that you provide to us directly through our Website, the Nando’s mobile application, our online ordering system or any third-party online ordering system; and
  16. any additional information relating to you that you provide to us or our representatives directly or indirectly by accessing and using the Website, any mobile applications, social media platforms, online forums, wi-fi service or other online presence.
  17. We may collect personal information about you from third parties where you have authorised this or where the information is publicly available.
  18. We may collect information that is not personal information because it does not identify you or anyone else, for example, anonymous answers to surveys or aggregated information about how users use our Website, the Nando’s mobile application, social media platforms, online forums, wi-fi services or other online presence.
  19. Except when you are applying for an employment position with Nando’s, or to become a franchisee of Nando’s, we will not collect sensitive information about you (e.g. information about your racial or ethnic groups or political or religious beliefs) unless you have specifically consented to such collection or the collection is required by law.
  20. We will use your personal information only for the particular purpose that you provided it or a directly related purpose, where another use is required or permitted by law or with your express or implied consent.
  21. Cookies and web beacons
    1. Cookies are files that can identify you as a unique customer and store your personal preferences to tell us which site pages you have visited and in what order which allows us to recognise your devices and greet you each time you visit our Website (Cookies).
  22. We may collect your information using Cookies, technical information, technical data or similar technology where we, or our authorised third parties, send them to your computer or other devices to enhance your online experience on our Website and across the Internet by personalising your visits. We also use Cookies to analyse traffic on our Website and other Internet pages, track user trends, identify patterns and selections for authorised downloads and for technical reasons connected with your use of our Website or other Internet pages.
  23. Cookies can be either permanent (i.e. they remain on your device until you delete them) or temporary (i.e. they last only until you close your browser or device). If you do not wish to receive Cookies, you should set your browser or device so that it does not accept Cookies, however, certain areas of our Website can only be accessed with Cookies or similar devices.
  24. Web beacons (or web bugs) are small strings of code that allow graphic images to be delivered on a web page for the purpose of transferring data (e.g. the IP address of the device that downloaded the page that the web beacon appears, the Uniform Resource Locator (URL) of the page that the web beacon appears, the time the page containing the web beacon was viewed, the types of browser that fetched the web beacon and the identification number of any Cookie on the computer or device previously placed by that server) (Web Beacon).
  25. We may use Web Beacons when corresponding with you via HTML capable e-mail and to monitor your use of our Website or other Internet pages, which let us know whether you received and opened our email. By setting your web browser to display HTML emails as text only, you may be able to prevent the use of some Web Beacons.
  26. On their own, Cookies and Web Beacons do not contain or reveal any personal information. However, if you choose to provide us with personal information, it can be linked to the anonymous data stored in the Cookies and/or Web Beacons.
  27. What happens if we can’t collect your personal information?
    1. You are not required to disclose your personal information to us, and where lawful you may deal with us anonymously or using a pseudonym.
  28. If you remain anonymous, use a pseudonym or choose not to provide us with the personal information described above, we may not be able to:
    1. provide the requested products or services to you, either to the same standard or at all;
  29. provide information about products and services that you may want, including information about special promotions and offers;
  30. provide you with details, information or an appropriate response to any enquiries or requests for information that you have made; or
  31. tailor the content of our Website or other Internet pages to suit your preferences and your experience of our Website or other Internet pages may not be as enjoyable or useful.
  32. What purposes do we collect, hold, use and disclose your personal information?
    1. We collect personal information about you so that we can perform our business activities and functions and provide the best possible quality of customer service, products and services.
  33. The way we collect, hold, use and disclose your personal information depends on the reason(s) that your personal information was collected, which may, amongst other things, include:
    1. processing meal orders that you place with us in our restaurants, over the telephone, through the Website, through the Nando’s mobile application or via an online meal ordering system, providing you with our products and services and processing meal refunds and vouchers where applicable;
  34. processing orders for gift cards that you place with us in our restaurants, over the telephone or via our gift card ordering system;
  35. delivering mobile content and services to you to carry out market research, track sales data and delivery information and inform you of upcoming events, competitions and promotional activities which may be of interest to you, where you have chosen to receive mobile content and services via SMS, MMS or other similar mobile services, including the Nando’s mobile application;
  36. responding to any questions or queries you have and processing, investigating and responding to any feedback, complaint or compliment made by you;
  37. promoting and marketing our current and future products, services, promotions, offers, games, programs and competitions to you;
  38. improving the operation and navigation of our Website, other related websites, our Nando’s mobile application, social media platforms and other Internet pages and informing you of changes made to these platforms;
  39. assisting you with remembering and re-ordering from our menu in the future, developing an online customer profile and keeping your contact details up to date;
  40. obtaining opinions or comments about products and/or services from you and conducting other statistical and market research to improve our products and services;
  41. facilitating your direct and incidental use of our wi-fi services (if applicable);
  42. processing and considering your employment application (if applicable) (refer to the section titled “Employment Applications”) or your franchise application (if applicable) (refer to the section titled “Franchise Application”);
  43. facilitating our internal business operations, including fulfilment of any legal, security and regulatory requirements; and
  44. giving you information requested about franchised restaurants (where legally permitted).
  45. We may use your personal information for other purposes not listed above which will be made clear to you at the time we collect your personal information, for a directly related purpose, where you have consented to such collection, storage, use or disclosure, or for such other purposes as may be required or permitted by law.
  46. Who can we disclose your personal information to?
    1. For the purposes described above, we may disclose your personal information to, and share your personal information with, the following:
      1. Nando’s Franchisees and the officers, directors, subsidiaries, related companies and agents of Nando’s Franchisees, particularly where you place an order online via an online ordering system or mobile application or make an enquiry or complaint relating to a restaurant that is independently owned and operated by one of our Nando’s Franchisees;
    2. our officers, directors, employees, contractors, nominated representatives or agents for the purpose of operating our business, Website, mobile applications, social media pages and similar collateral, fulfilling or responding to requests or orders made by you and to provide you with our products and services;
    3. suppliers and other third parties who we have commercial relationships with for business, marketing, operational and other purposes related to the management and operation of our business and the process of providing our products and services, including but not limited to web hosting providers, data warehouses, IT systems administrators, agencies, advertisers and business partners, payment processors, data entry service providers and professional financial, legal and business advisors and consultants;
    4. our related companies;
    5. third parties where the law requires or authorises us to do so; and
    6. any organisation for any authorised purpose with your express consent.
    7. We may combine, aggregate, share or report on any personal information that we collect from you with information collected by any of our related companies both inside and outside New Zealand (refer to the section titled “Disclosing your Personal Information Overseas”).
    8. Direct marketing
      1. We may send you direct marketing communications, materials and information about our own products and services and those of our related companies that we reasonably consider may be of interest to you including by post, telephone, SMS, MMS and email in accordance with applicable laws. By providing your personal information to us, you consent to us sending you these direct marketing communications by any of these or similar methods.
    9. If you indicate your preferred method of communication to us, we will endeavour to use that preferred method whenever reasonably and commercially practical to do so. You may opt-out of receiving direct marketing communications from us at any time by contacting us (refer to the section titled “Contacting Us”) or by using the opt-out facilities provided in the direct marketing communication, and we will remove your name from our direct marketing mailing list.
    10. If you give your prior consent, we may use your personal information to send you direct marketing communications, materials and information about products and services of our selected third-party partners, on behalf those third-party partners.
    11. Online forums
      1. We may give you opportunities to engage with us through written discussions, communications, articles, posts and comments on interactive online forums and social media platforms. Material that we deem to be inappropriate or offensive, in our absolute sole discretion, will be removed from these forums and platforms.
    12. All statements and opinions expressed in the written discussions, communications, articles, posts and comments on the interactive online forums and social media platforms are those of the individual contributors and not the statements and opinion of Nando’s.
    13. We may read, collect, store, use and disclose any information that you disclose through such online forums and social media platforms, however, as these forums and platforms are publicly available, such information may also be read, collected, stored, used and disclosed by other users, the actions of whom we cannot control and therefore take no responsibility for. You should therefore use your own discretion and exercise caution when providing any information, including your personal information, on these forums and platforms.
    14. Employment applications
      1. The type of personal information we collect about applicants seeking employment with us include, but at not limited to, your full name, postal and physical addresses, telephone numbers, email address, residency status, work rights, education details, employment history, references and other information relating to your work experience and the position requirements.
    15. In considering your employment application, we may obtain personal information about you from third parties, for example your previous education institutions, employers or nominated referees. Subject to your prior consent, we may collect sensitive information about you regarding your health, capacity to work and police records.
    16. We collect your personal information when you seek employment with us for any one or more of the following purposes:
      1. assessing you for a position with us or one of our related companies;
    17. assessing whether you are suitable to progress through each stage of the recruitment process for a position with us; and/or
    18. storing your information for future employment opportunities with us.
    19. If you do not provide us with the information, including personal information and sensitive information, that we request as part of your application for employment with us, we will be unable to fulfil one or more of the purposes.
    20. We may disclose your information, including personal and sensitive information, to:
      1. your referees or previous employers;
    21. recruitment agencies, agents or contractors acting on our behalf;
    22. our related companies and Nando’s Franchisees;
    23. our related companies, employees and Nando’s Franchisees in other locations worldwide;
    24. government agencies to verify your rights to work; and
    25. law enforcement agencies to verify whether you have a criminal record.
    26. If we engage third party contractors to perform services for us, which involves the handling of your personal information, we will take reasonable steps to prevent the third-party contractor from using your personal information, except for the purpose for which it was supplied.
    27. Franchise applications
      1. The type of personal information we collect about applicants seeking a franchise from us include, but are not limited to, your full name, postal and physical addresses, telephone numbers, email address, residency status, work rights, education details, employment history, financial capacity (including income, assets, liabilities, account balances and risk profile), information relating to your business and industry qualifications and experience and references. If your application to become a franchisee of ours is successful, we will also obtain further personal information from you including your bank account details for fee payments.
    28. In considering your application to become a franchisee of ours, we may obtain personal information about you from third parties, for example your previous education institutions, employers or nominated referees and business and banking partners. Subject to your prior consent, we may collect sensitive information about you regarding your health, capacity to work, credit rating and police records.
    29. We collect your personal information when you seek a franchise from us for any one or more of the following purposes:
      1. assessing your application to become a franchisee with us or a related company;
    30. assessing whether you are suitable to progress through to each stage of our franchise recruitment process or the franchise recruitment process of a related company; and/or
    31. storing your information for future franchise opportunities.
    32. If you do not provide us with the information, including personal information and sensitive information, that we request as part of your application for a franchise from us, we will be unable to fulfil one or more of the purposes.
    33. We may disclose your information, including personal and sensitive information, to:
      1. your referees or previous employers;
    34. recruitment agencies, agents, brokers or contractors acting on our behalf;
    35. our related companies;
    36. our related companies, employees and Nando’s Franchisees in other locations worldwide;
    37. financial institutes to verify your financial capacity and position;
    38. government agencies to verify your right to work; and
    39. law enforcement agencies to verify whether you have a criminal record.
    40. If we engage third party contractors to perform services for us, which involves the handling of your personal information, we will take reasonable steps to prevent the contractor from using your personal information, except for the purpose for which it was supplied.
    41. How can you access and correct your personal information?
      1. Subject to the Act, you may request access to any personal information we hold about you that is readily retrievable by contacting us (refer to the section titled “Contacting Us”). Where we hold information that you are entitled to access pursuant to the Act, we will use reasonable endeavours to give you suitable access to your information (e.g. by posting or emailing it to you). We may charge you a reasonable administration fee to cover the costs of meeting your request however we will not charge your for making the request or for making any corrections to your personal information.
    42. There may be circumstances where we cannot grant you access to the personal information we hold (e.g. if granting access would interfere with the privacy of others or would result in a breach of confidentiality). If we are unable to grant you access to your personal information, we will give you written reasons for such refusal.
    43. If you believe that any personal information about you that we hold is incorrect, incomplete or inaccurate, you may request us to amend it by contacting us (refer to the section titled “Contacting Us”).
    44. To protect your privacy and security we will take reasonable steps to verify your identity before granting access to the personal information requested.
    45. How can you report a suspected breach of privacy?
      1. If you believe that this Privacy Policy has been breached, or your personal information has not been collected, stored, used or disclosed appropriately, please contact us in writing (refer to the section titled “Contacting Us”), and provide details of the incident so we can investigate.
    46. We require complaints about suspected breaches of this Privacy Policy to be made in writing so that we can be sure of the details and circumstances of the complaint to allow investigation.
    47. We will use reasonable endeavours to confirm with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will investigate the complaint, and if so the name, title and contact details of the person investigating the complaint and the estimated completion date for the investigation process.
    48. After we have completed our investigation, we will advise you of the outcome and conclusions, which you may respond to with further information. If we receive a response from you with further information, we will assess the situation further and advise whether the outcome and conclusions reached have changed or whether the previous outcomes and conclusions remain.
    49. Disclosing your personal information overseas
      1. We may disclose your personal information to entities located outside of New Zealand, who require access to collect, use, store and disclose your personal information in connection with fulfilling the requirements of this Privacy Policy, including to the following:
        1. our related companies and Nando’s Franchisee’s located overseas; and
      2. other third parties supporting the general operation and management of our business and the sale of our products and services located overseas.
      3. We will take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Act, this Privacy Policy and other applicable privacy obligations relating to your personal information.
      4. Security
        1. Where we store your personal information depends on what interaction(s) you have with us. Some areas and functions of our business, including but not limited to servers (e.g. mail exchange), data warehouses and databases for processing customer, franchisee and employee enquiries, comments and feedback and sending and tracking marketing communications, which are managed by us, our related companies, our Nando’s Franchisee’s or third-party contractors and suppliers, are in some circumstances managed offsite and offshore.
      5. We take reasonable steps to ensure that your personal information is protected from misuse, unauthorised access, modification, unauthorised disclosure, interference and loss.
      6. We may hold your information, including your personal information, in either electronic or hard copy form but only for as long as it is required for the purpose(s) for which it was collected your personal information, or as otherwise required by law.
      7. We will take reasonable and commercially appropriate measures to destroy or permanently de-identify your personal information once we are no longer entitled to retain it, when we no longer need it or when you request removal in writing, subject to the Act. These measures may vary depending on the type of information, the way it was collected and how it was stored.
      8. As our Website, Nando’s mobile applications, social media pages and other online presences are linked to the Internet, and the Internet can be inherently insecure, we cannot provide any assurance regarding the security of transmission of information, including your personal information or your sensitive information, if you choose to send these to us, or communicate with us, online through these or similar channels. Furthermore, we cannot guarantee that any information you choose to send us will not be intercepted while being transmitted over the Internet and therefore any personal information or other information which you transmit to us online is transmitted at your own risk.
      9. Links
        1. Our Website, Nando’s mobile applications, social media pages and other online presences may contain links to other websites, applications or pages operated by related companies or third parties which may be of interest to you. We make no representations or warranties in relation to the privacy policies of any related company or third-party website, application or page and we are not responsible for the privacy policies or the content of any related company or third-party website, application or page. Third party websites, applications and pages are responsible for informing you about their own privacy practices.
      10. We may use third-party advertisements on our Website, Nando’s mobile applications, social media pages and other online presences. Third-party advertisements are not recommendations or endorsements by us or any of our related companies or affiliates. To the extent permitted by law, Nando’s is not responsible for the content (including representations) of any third-party advertisement on the Website, Nando’s mobile applications, social media pages and other online presences. These third parties may view, edit or set their own cookies, web beacons or similar, and the use of these types of technology by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy.
      11. Franchisee privacy policies
        1. A Nando’s restaurant may be owned and operated by a Nando’s Franchisee who is a separate and independent business owner.
      12. We expect Nando’s Franchisees to comply with this Privacy Policy however, as independent business owners, each Nando’s Franchisee is responsible for informing you about their own privacy practices and we make no representations or warranties in relation to the privacy practices of a Nando’s Franchisee.
      13. Changes to this Privacy Policy
        1. We may revise this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on the Website, so please review it regularly.
      14. Your continued use of the Website, Nando’s mobile applications, social media pages, other online presences and ongoing acceptance of our products and services will be deemed acceptance of any amended Privacy Policy.
      15. Contacting us
        1. If you have any questions or comments about this Privacy Policy, please use the contact link on the Website or contact us at marketing@nandos.co.nz.
      16. We are committed to working with our customers, franchisees and applicants to obtain a fair resolution of any complaint or concern about privacy. To contact us with a query, feedback, compliment or complaint, please provide us with full details and any supporting documentation.
      17. Upon receipt of your query, feedback, compliment or complaint, we will endeavour to provide you with an initial response within 7 business days and investigate and attempt to resolve your query, feedback, compliment or complaint where necessary within 30 business days, or such longer period as is necessary given the nature of the contact and notified to you by us.

This Privacy Policy was last updated on 18 September 2020.