Nando's New Zealand Privacy Policy

1. Introduction

1.1 Thank you for visiting the http://www.nandos.co.nz website (the “Website”). Nando’s New Zealand Limited, NNZ Restaurants Limited and their related companies (collectively referred to as “Nando’s”, “we”, “us” or “our”) recognise the importance of protecting the privacy and rights of individuals in relation to their personal information and are committed to protecting the privacy of personal information in accordance with the Privacy Act 1993 (the “Act”).

1.2 This Privacy Policy does not limit or exclude any of your rights under the Act and if you would like further information regarding the Act please visit www.privacy.org.nz.

1.3 This Privacy Policy sets out Nando’s approach to handling personal information, including how we collect, use, store, keep secure, disclose and provide access to your personal information.

1.4 The scope of this Privacy Policy covers the personal information handling practices of restaurants owned and operated by Nando’s in New Zealand.

1.5 This Privacy Policy forms part of our terms of service of the Website and other websites that may be operated by us from time to time, which you should also read.

2. What is personal information?

2.1 When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, gender, date of birth, address, telephone number, email address, credit card details, financial information and profession or occupation.

2.2 If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

3. What personal information do we collect and how is it collected?

3.1 We will collect your personal information in a fair and lawful manner. Where it is practical to do so, we will collect your personal information directly from you, and only to the extent that we reasonably require the personal information for one or more of our business functions or activities, to provide you with a Nando’s product or service or to determine your suitability as a Nando’s employee (where appropriate).

3.2 The kinds of personal information we may collect from you will depend on what type of interaction you have with us. However, it may include, amongst other things:

a. personal information you give us when you participate in a promotion, competition, survey, market research, mobile service (e.g. SMS or MMS), subscribe to our mailing list, participate in our PERi-Perks loyalty program or similar, use the Nando’s mobile application (“App”), participate or contribute to our online forums or interact or follow our social media pages (e.g. Facebook, Twitter, LinkedIn or Instagram). This information may include your full name, postal and physical addresses, email address, telephone numbers, age, date of birth and loyalty membership details;

b. personal information you give us via our restaurants when you place an order in a restaurant by telephone or via an online ordering system (e.g. @TableOrdering or orders through the Website or the App) (“Online Ordering System”), when purchasing a gift card or when you logon to wi-fi provided at one of our restaurants. This information may include your full name, postal and physical address, email address, telephone numbers, age, date of birth, menu preferences, previous order information, loyalty membership details, credit card details, financial information, Internet Protocol (“IP”) address and your demographic and other data for market research, advertising and promotional purposes;

c. personal information you give us via telephone, email or in person when making a request or enquiry or submitting compliments, complaints or feedback. This information may include your full name, postal and physical address, email address, telephone numbers, age, date of birth, loyalty membership details, previous order information, credit card details, financial information and IP address;

d. information regarding your interests, preferences, purchasing behaviour and experience with our products and services, together with any additional information necessary for us to deliver those products and services to you and to respond to your enquiries;

e. if you are applying for a position with Nando’s, we will collect information detailed in the section below titled “employment applications”; and

f. any additional information relating to you that you provide to us directly through our Online Ordering Systems, any third-party online ordering system (e.g. UberEats, DoorDash, or MenuLog), your access and use of our Website or App or indirectly through use of our Website or App, social media platforms, online forums, applications, wi-fi services or online presence, through our agents and representatives and/or through our third party product and service providers.

3.3 We may collect personal information about you from social media services if you register or log into your account through a third-party social media service.

3.4 We may collect personal information about you from third parties where you have authorised this or where the information is publicly available.

3.5 We may collect information that is not personal information because it does not identify you. For example, we may collect anonymous answers to surveys or aggregated information about how users use our Website, App or Online Ordering Systems.

3.6 Except for when you apply for an employment position with Nando’s, we will not collect sensitive information about you (e.g. information about your racial or ethnic groups, political or religious beliefs or vaccination status) unless you have specifically consented to such collection or the collection is required by the Act or applicable laws.

3.7 We will use your personal information only for the particular purpose that you provided it or a directly related purpose. We may also use your personal information where that other use is required or permitted by the Act or applicable laws or with your express or implied consent.

4. Cookies and web beacons

4.1 Cookies are files that can identify you as a unique customer and can store your personal preferences as product preferences to tell us which website (including the Website) and website pages (including Website pages) you have visited and in what order (“Cookies”).

4.2 We may collect your personal information using Cookies, by directly, or through a third party, sending Cookies to your computer or devices, or use similar technologies, to enhance your online experience on our Website, Online Ordering Systems and across the Internet.

4.3 Information we get through Cookies enables us to recognise your computer and greet you when you visit our Website or Online Ordering Systems. We use Cookies and other technical information to personalise your visit to our Website, to analyse traffic on our Website, to track user trends, patterns and selections for authorised downloads and for technical reasons connected with your use of our Website and Online Ordering Systems.

4.4 Cookies can either be permanent (they remain on your computer until you delete them) or temporary (they last only until you close your browser). If you do not want to receive Cookies, you can set your browser so that your computer does not accept them. However, please note that certain areas of our Website and Online Ordering Systems can only be accessed with Cookies or similar devices.

4.5 Web beacons (or web bugs) are small strings of code that deliver graphic images on a web page to transfer data (e.g. the IP address of the computer that downloaded the page on which the web beacon appears, the Uniform Resource Locator (“URL”) of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the types of browser that fetched the web beacon or the identification number of any Cookie on the computer previously placed by that server) (“Web Beacon”).

4.6 We may use Web Beacons to monitor your use of the Website, your use of the Online Ordering Systems or when corresponding with you via HTML-capable email, which lets us know whether you received and opened our email. By setting your web browser to display HTML emails as text only, you may be able to prevent the use of some Web Beacons if desired.

4.7 On their own, Cookies and Web Beacons do not contain or reveal any personal information. However, if you choose to provide us with personal information, it can be linked to the anonymous data stored in the Cookies and/or Web Beacons.

5. What happens if we can’t collect your personal information?

5.1 You are not required to disclose your personal information to us, and where lawful, you may deal with us anonymously or using a pseudonym.

5.2 If you remain anonymous, use a pseudonym or choose not to provide us with the personal information described above, the following may happen:

a. we may not be able to provide the requested products or services to you, either to the same standard or at all;

b. we may not be able to provide information about products and services that you may want, including information about special promotions and competitions;

c. we may not be able to provide you with details, information or an appropriate response to any enquiries or requests that you have made; and/or

d. we may be unable to tailor the content of our Website, the Online Ordering Systems and/or other related sites to your preferences and your experience of our Website or Online Ordering Systems may not be as enjoyable or useful.

6. For what purposes do we collect, hold, use and disclose your personal information?

6.1 We collect personal information about you so that we can perform our business activities and functions and provide the best possible quality of customer service. The way we will collect, use and disclose your personal information depends on the reasons for which it was collected, however this is generally for the following purposes:

a. processing meal orders that you place with us in our restaurants or via an Online Ordering System, providing you with our products and services or processing refunds;

b. processing orders for gift cards that you place with us in our restaurants, by telephone or via our Website or Online Ordering System;

c. where you choose to receive mobile services and content via SMS, MMS and other mobile services, including the App, we use this information to deliver such mobile services and content to you, carry out market research, track sales data, inform you of upcoming events and help plan and promote other promotional activities which may be of interest to you;

d. to respond to any questions or queries you have and process, investigate and respond to any feedback, complaint or compliment you make;

e. promoting, marketing and carrying out our current and future products, services, promotions, offers, games, programs and competitions to you;

f. to improve the operation and navigation of our Website, App, Online Ordering Systems and social media platforms, and inform you of changes made to our Website, App, Online Ordering Systems and/or social media platforms;

g. assisting you with remembering and re-ordering from our menu in the future, developing an online customer profile and keeping your contact details up to date;

h. to obtain opinions or comments about products and/or services and to conduct other statistical and market research with a view to improving our products and services;

i. for the purposes of and incidental to you registering for and/or using our wi-fi services;

j. processing and considering your employment application (see “employment applications” section below); and

k. facilitating our internal business operations, including fulfilment of any legal, security, information technology and regulatory requirements.

6.2 We may use your personal information for other purposes not listed above which will be made clear to you at the time we collect your personal information, for a directly related purpose, where you have consented to such use or disclosure or for such other purposes as may be required or permitted by the Act or applicable laws.

7. Who can we disclose your personal information to?

7.1 For the purposes described in the section above, we may disclose your personal information to, and share your personal information with, the following:

a. our officers, employees, contractors and agents for the purpose of operating our business, our Website, App or Online Ordering Systems, fulfilling requests by you and otherwise providing products and services to you including, without limitation, web hosting providers, IT system administrators, agencies, advertisers, business partners, product and service suppliers, payment processors, data entry service providers, regulatory authorities, auditors and professional advisors such as accountants, legal advisors, business advisors and consultants;

b. suppliers and other third parties we have commercial relationships with for business, marketing and other related purposes;

c. third parties where the Act or applicable laws require or authorise us to; and

d. any person or entity for any authorised purpose with your express consent.

7.2 We may combine or share any personal information that we collect from you with information collected by any of our related companies within New Zealand or outside New Zealand (see the “do we disclose your personal information to anyone outside New Zealand” section below).

8. Direct marketing materials

8.1 We may send you direct marketing communications and information about our own products and services and direct marketing communications on behalf of our related companies that we consider may be of interest to you. These direct marketing communications may be sent in various forms, including by post, telephone calls, SMS, MMS and email or messaging within the Website, App or Online Ordering System in accordance with the Act and applicable laws. By providing your personal information to us, you consent to us sending you direct marketing communications in this way, unless you opt-out as described below.

8.2 If you indicate a preferred communication method, we will try to use that preferred communication method whenever practical in the circumstance.

8.3 At any time you may opt-out of receiving marketing communications from us by contacting us (see the “contacting us” section below), or by using the opt-out facilities provided in the marketing communication, and we will ensure that your name is removed from our marketing communications mailing list. You may choose to opt back in by contacting us (see the “contacting us” section below) or by resubscribing to receiving marketing information.

8.4 If we obtain your prior consent, we may use your personal information for the purposes of direct marketing of products and services on behalf of selected third parties.

9. Online forums

9.1 We may give opportunities for you to engage with us through written discussions, communications and comments in interactive online forums, social media platforms and articles. Material that we deem, in our absolute discretion, to be inappropriate or offensive will be removed from these forums and platforms.

9.2 All statements and opinions expressed in any discussions, communications, forums, platforms and articles are those of the individual contributors and not those of Nando’s.

9.3 Information you disclose to Nando’s through discussions, communications, forums, platforms and articles may be read, collected and used by Nando’s. However, as these discussions, communications, forums, platforms and articles are public, the information may also be read, collected and used by other users, the actions of whom Nando’s cannot control and for whom Nando’s takes no responsibility.

9.4 We suggest using your discretion and exercising caution when providing your information.

10. Employment applications

10.1 The type of personal information we generally collect about employment applicants is the information requested and included in an employment application (e.g. your full name, postal address, telephone numbers, email address, residency status, work rights, education details, employment history, references and other information relating to your work experience).

10.2 In considering your employment application, we may obtain personal information about you from third parties (e.g. your previous education institutions, employers or nominated referees). Subject to your prior consent, we may also collect sensitive information about you (e.g. information about your health (including any disability) or any criminal record).

10.3 We collect personal information for one or more of the following purposes:

a. assessing you for a position with us or one of our related companies;

b. assessing whether you are suitable to progress through each stage of the recruitment process for a vacant position; and/or

c. storing your information for future employment opportunities.

10.4 If you do not provide us with the information requested, we will be unable to fulfil the purposes.

10.5 We may disclose your information to:

a. your referees or previous employers;

b. recruitment agencies, agents or contractors acting on our behalf;

c. a related company;

d. recruitment agencies and contractors acting on our behalf, or employees of related companies or global Nando’s entities, based in other locations worldwide;

e. government agencies and service providers to verify your right to work; and

f. law enforcement agencies to verify whether you have a criminal record.

10.6 If we engage third party contractors to perform services for us, which involves the handling of personal information, we will take reasonable steps to prevent the contractor from using the personal information, except for the purpose for which it was supplied.

11. How can you access and correct your personal information?

11.1 Subject to the Act, you may request access to any personal information we hold about you at any time by contacting us (see the “contacting us” section below). Where we hold information that you are entitled to access pursuant to the Act, we will try to provide you with suitable means of accessing it (e.g. by posting or emailing it to you). We may charge you a reasonable administration fee to cover the costs of meeting your request. We will not charge you for simply making the request or for making any corrections to your personal information.

11.2 There may be instances where we cannot grant you access to the personal information we hold (e.g. if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality). If that happens, we will give you written reasons for any refusal.

11.3 If you believe that any personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it (see the “contacting us” section below).

11.4 To protect your personal information, privacy and security we will take reasonable steps to verify your identity before granting access.

12. What is the process for reporting a breach of privacy?

12.1 If you believe that this Privacy Policy has been breached, or your personal information has not been collected, stored, used or disclosed appropriately, please contact us using the contact information in the “contacting us” section below, and provide details of the incident so that we can investigate it. We request that reports about breaches of privacy be made in writing so that we can be sure about the details of the complaint.

12.2 We will attempt to confirm with you directly what your understanding of the relevant conduct is and what you expect the outcome to be, as we deem appropriate and necessary. We will inform you whether we will investigate the report and include the name, title and contact details of the person investigating and the estimated completion date.

12.3 After we have completed our investigation, we will contact you, usually in writing, to advise you of the outcome and invite a response to our conclusions. If we receive a response from you, we will assess it and advise if we have changed our view.

13. Do we disclose your personal information to anyone outside New Zealand?

13.1 We may disclose your personal information to entities located outside of New Zealand, who require access to collect, use, store and disclose your personal information in connection with fulfilling the requirements of this Privacy Policy.

13.2 We may disclose your personal information to the following:

a. our related companies located overseas;

b. third party suppliers, contractors and agencies based overseas that require the personal information to deliver the products and/or services to you; and

c. third party providers located overseas that we have engaged to fulfil business operational requirements in our business that require access to your personal information (e.g. data backup and storage and database service providers).

13.3 We will take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

14. Security

14.1 Where we store your personal information depends on what interaction you have with us. Some areas may include servers and databases for processing customer and employee enquiries, comments and feedback, mail exchange servers, third party servers or email databases for marketing communications.

14.2 We take reasonable steps to ensure that your personal information is protected from misuse, interference and loss from unauthorised access, modification or disclosure.

14.3 We may hold your personal information in electronic and/or hard copy form.

14.4 We will only keep your personal information for as long as it is required for the purposes for which it was collected or as otherwise required by the Act or applicable laws.

14.5 We will take reasonable, commercially viable and appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type and how it was collected and stored.

14.6 As our Website and Online Ordering Systems are linked to the Internet, and the Internet can be inherently insecure, we cannot provide any assurance regarding the security of information transmission that you may communicate to us online. We also cannot guarantee that any information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

15. Links

15.1 Our Website and Online Ordering Systems may contain links to other websites operated by third parties which may be of interest to you. We make no representations or warranties in relation to the privacy policies of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party website providers and suppliers are directly responsible for informing you about their own privacy practices.

15.2 We may use third-party advertisements on our Website and Online Ordering Systems. These are not recommendations or endorsements by Nando’s or any of its related companies or affiliates and we therefore take no responsibility for such information or content.

15.3 To the extent permitted by law, Nando’s is not responsible for the content (including representations) of any third-party advertisement on the Website or Online Ordering System. These third parties may view, edit or set their own Cookies. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy.

16. Policy changes

16.1 We may revise this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on the Website, so we ask that you please review it regularly.

16.2 Your continued use of the Website, the App and any Online Ordering Services and acceptance of Nando’s products and services, will be deemed acceptance of any amended Privacy Policy.

17. Contacting us

17.1 If you have any questions or comments about this Privacy Policy, please use the contact link on our Website or contact us using the details set out below:

Nando’s New Zealand Limited and NNZ Restaurants Limited

Email: ANZ.PrivacyOfficer@nandos.com.au

17.2 We are committed to working with our customers and employment applicants to obtain a fair resolution of any complaint or concern about privacy. To contact us with a query, feedback, compliment or complaint, please provide us with full details of your query, feedback, compliment or complaint and any supporting documentation.

17.3 Upon receipt of your query, feedback, compliment or complaint we will endeavour to provide you with an initial response within 7 business days and investigate and attempt to resolve your query, feedback, compliment or complaint within 30 business days, or such longer period as is necessary and notified to you by us.

This Privacy Policy was last updated on 13 July 2022.