McDonald’s P2W Arch Card® Privacy Policy

1. Introduction

Last updated: October 31, 2022

McDonald’s Arch Cards are issued by P2W, Inc. NFP (“P2W”), a trade association that is authorized to issue Arch Cards and is responsible for the operation and maintenance of the Arch Card program in the United States.  P2W is the sole legal obligor to the cardholder.

This Privacy Policy describes how P2W and its service providers collect, use, share, and protect information obtained from or about you when you purchase, reload, or use Arch Cards in participating restaurants, and when you purchase or reload Arch Cards online through www.mcdonalds.com or the McDonald’s Arch Card Online Reload Website (together, the “Websites”). 

This Privacy Policy also describes how P2W and its service providers collect, use, share, and protect information obtained from or about you when addressing customer service inquiries. 

The privacy practices of P2W and its service providers are consistent with U.S. law and other potentially applicable law, including Canada’s Personal Information Protection and Electronic Documents Act, and the European Union’s General Data Protection Regulation (“GDPR”), which governs the collection, storage, use, and transfer of personal information for European Union residents.  P2W’s principal service providers – Interactive Communications International, Inc. and First Data Resources, LLC, f/k/a ValueLink, LLC – act as controllers and processors of your personal information within the meaning of the GDPR.  The legal bases for the processing of your personal information is your general and express consent as detailed herein and the pursuit of legitimate business interests.

If you have questions about this Privacy Policy or the protection of your information, please contact our Privacy Officer using the contact information provided below.

We may update or otherwise modify this Privacy Policy from time to time.  If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice through the Websites.  Please review our Privacy Policy periodically to ensure you are aware of any changes that have been made.   Your continued use of the Websites after any such changes are made constitutes an agreement to be bound by such changes.

2. Information Collected

P2W service providers collect information when you purchase, reload, or use Arch Cards in participating restaurants, and when you purchase or reload Arch Cards online through the Websites.  P2W and its service providers may also collect information when addressing customer service inquiries and investigating potential misuse or fraud. 

The information collected falls into three categories: (1) information you provide; (2) information that may be collected automatically; and (3) information that may be collected from other sources.  The information collected may include personally identifiable information, meaning information that can be used to identify you, whether alone or in combination.

Information You Provide

P2W service providers collect the information you provide when you purchase, reload, or use Arch Cards in participating restaurants, when you purchase or reload Arch Cards online through the Websites, and when you submit customer service inquiries.  That information may include personally identifiable information such as your Arch Card number, first and last name, email address, date of birth, phone number, credit card information, business, billing, and shipping addresses, order details, transaction information, and other potentially identifiable information.

P2W does not have access to your personally identifiable information except to the limited extent required to approve bulk purchases of Arch Cards and to address customer service inquiries.  Likewise, in order to help protect and ensure your privacy, P2W only maintains information stored in connection with customer service inquiries for a period of 12 months. 

Information Collected Automatically

P2W service providers may also collect certain information about you automatically when you purchase or reload Arch Cards online through the Websites.  This information may include, without limitation:

  • Device and Location Information - P2W service providers may collect information about your computer, tablet, smart phone, or other network connected hardware, such as type, model, version, IP address, IMEI number, MAC address, Mobile RFID, other unique device identifiers, operating system characteristics, device or session ID, error-related data status, capability, confirmation, functionality, performance data, connection type, and location data.
  • Usage Information - P2W service providers may collect information about your use of the services being provided, such as browser type, access times, pages viewed, and the referring link through which you accessed the services being provided. This information may also include clickstream data, which is information about the page-by-page paths you take as you browse through the services provided.
  • Purchase Information - P2W service providers may collect information about your purchases and other transactions using the services provided.

This information is gathered through various tools and methods, such as cookies, web beacons, embedded scripts, entity tags, HTML5 local storage, in-app tracking protocols, and location-identifying technologies.

  • Cookies - Cookies are small data files that are sent from a website’s server and stored on your device’s hard drive or other data storage mechanism either for the duration of your visit or a longer period of time. These cookies may be used for many purposes, including, without limitation, tracking user preferences or web pages visited while using the services provided.  Most web browsers are set to accept cookies by default, but, if you prefer, you may be able to set your browser to reject or block cookies, as discussed further below.
  • Web Beacons - Web beacons are small, transparent images that are embedded in web pages, applications, and emails. They are sometimes referred to as “tracking pixels,” “clear gifs,” “single pixel gifs,” “internet tags,” “page tags,” or “web bugs.”  P2W service providers may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to their sites, to monitor how users navigate the services provided, and to count how many emails that were sent were actually opened.
  • Embedded Scripts - Embedded scripts are code snippets within websites and applications that are designed to collect information about your interactions with the services provided. These scripts facilitate operations by, among other things, monitoring usage of online components. The scripts are temporarily downloaded onto your device and are active only while you are connected to the services provided. They are either deleted or deactivated thereafter.
  • Entity Tags - Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or “cached” within your browser.  The tags validate these “caches” when a website is opened, accelerating website performance if the content of a particular webpage has not changed.
  • HTML5 Local Storage - HTML5 local storage allows data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the website is revisited.
  • In-App Tracking Protocols - Mobile applications also often employ other tracking technologies such as device identifiers and “Ad IDs” to associate app user activity to a particular app.
  • Location-Identifying Technologies - These technologies include GPS software and other means of locating you, in order to verify your location and deliver relevant content to you based on your location.

These technologies and others like them are used for the following purpose:

  • Services and Functionality - Some of these technologies are required to allow you to access and use the services provided.  Without these technologies, parts of the services would not work properly and you would be unable to fully use them.
  • Usage and Performance Monitoring - Some of these technologies help our service providers track and analyze the volume of use and performance of the services provided.  They show us how visitors and customers interact with the services, whether there are any errors in webpages, applications, or other components of the services, the degree to which certain webpages, applications, and other functionality is accessed and used, and how they are performing or operating.  When these technologies are used for performance monitoring, no information that identifies you is collected.
  • User Convenience - Some of these technologies enhance the ease of use of websites and mobile applications, as well as the services and functionality they make available.   They do this by, among other things, accelerating load and refresh times and remembering information that you have provided previously.
  • Marketing - Some of these technologies are used to tailor your experience using the services by controlling the promotions, advertisements, and other marketing messages that may appear when you access or use the services.  These technologies also help our service providers learn which services and functionality you are using and how you are accessing information about us or the services.  

Information We Collect From Other Sources

P2W service providers may also collect information about you from publicly and commercially available sources, such as social media, the internet, credit reference agencies, and fraud prevention agencies. 

The information obtained from these sources is used to verify or correct information and enhance the security of your transactions.

Combination of Information

P2W’s service providers may combine or associate the information you provide with information collected from you automatically and information collected from other sources.  If any personally identifiable information you provide is combined or associated with information collected from you automatically or information collected from other sources, the combined or associated information is treated as personally identifiable information for all applicable purposes.

3. Use of Information

P2W and its service providers may use the information collected about you for various purposes, including to:

  • Process purchases of Arch Cards, individually and in bulk;
  • Process reloads of Arch Cards;
  • Process requests to create an Arch Card Corporate Account or an Arch Card Online Reload Account;
  • Manage such Account(s);
  • Process transactions involving the purchase of goods and services with Arch Cards;
  • Communicate with you about your account(s), as well as products, services, programs, promotions, offers, sweepstakes, contests, rewards, surveys, and transactions;
  • Detect, investigate, and prevent security breaches or fraudulent transactions;
  • Respond to your customer service inquiries and other questions, requests, or comments;
  • Conduct research, analysis, and marketing activities;
  • Monitor and analyze usage, activities, and trends;
  • Maintain appropriate records for internal administrative purposes;
  • Send you notices, updates, alerts, and other administrative or support messages; and
  • Any other purpose, with your consent or as permitted or required by applicable law.

P2W and its service providers take commercially reasonable steps to ensure that the personally identifiable information we process is relevant to the purposes of that processing.

4. Sharing of Information

P2W and its service providers may share information collected about you, with or without notice to you, in the following circumstances:

  • When We Work Together – Information may be shared with other companies for purposes of management and analysis, decision making, and other business purposes.
  • When We Work with Administrative Service Providers - Information may be shared with other service providers that provide support services, such as website hosting, email address verification, email and postal delivery, product and service delivery, credit card processing, location mapping, analytics, and research.
  • When We Work with Marketing Service Providers - Information may be shared with marketing service providers for promotional purposes, including, without limitation, to assess, develop, and provide you with promotions and special offers that may be of interest, and to administer sweepstakes, contests, and other similar programs.
  • When We Work on Business Transactions – Information may be shared with entities or persons involved in certain business transactions, such as a merger or other situation involving the transfer of a business or assets.
  • When Sharing Helps Us Protect Lawful Interests – Information may be shared with governmental entities or other third-parties if the disclosure is believed to be (1) permitted or required by law, (2) necessary to enforce our Terms and Conditions or any other applicable agreement or policy, or (3) necessary to protect the rights, property, life, health, security, or safety of any entity or person, including ourselves, our service providers, our customers, and any third party.
  • When You Give Consent – Information may be shared with other companies and persons if you give us permission or direct us to do so.
  • When Your Information Does Not Directly Identify You - Information may be shared in a way that does not directly identify you.  For example, information about your use of our products and services may be shared in a manner that does not identify you, and information about the nature or frequency of your transactions may be combined with similar information about other people and shared with others for statistical analysis and other business purposes.

5. Protection of Information

P2W and its service providers employ commercially reasonable methods to protect your information.  Those commercially reasonable methods include technical, physical, and administrative security measures designed to reduce the risk of loss, misuse, unauthorized access, disclosure, modification, and destruction of your information.

For example, your personally identifiable information is stored behind secured networks and is accessible only by a limited number of persons who have special access rights to such systems and are required to keep your information confidential.  In addition, the transmission of highly sensitive information, such as a credit card number, is encrypted via Secure Socket Layer (SSL) technology.  The Websites are also scanned on a regular basis for security vulnerabilities in order to make your use of the Websites as safe as possible.

Please note, however, that although we have employed commercially reasonable methods to help safeguard your information, no system or network can be guaranteed to be 100% secure.

Please also note that you must be vigilant in protecting your account logins and passwords in order to maintain the security of your information.

6. Your Consent and Choices

P2W and its service providers collect information in a fair and non-intrusive manner, as set forth above.  They also recognize the need for appropriate management and protections of the information you provide.

P2W has adopted and implemented this Privacy Policy in order to assist you in understanding the types of information P2W and its service providers collect, how that information may be used, and how that information may be shared with others.  By using purchasing, reloading, or using Arch Cards, you expressly agree that P2W and its service providers may collect, use, and share your information in accordance with this Privacy Policy or as permitted or required by law.  You also expressly agree that your information may be collected, transferred, stored, or disclosed both within and outside the U.S., including but not limited to Canada, the European Union, and Switzerland.  Some of these jurisdictions may have laws that provide less protection to your information than you receive under the laws in our own jurisdiction.  The U.S., for instance, has not received a decision from the European Commission determining that it provides adequate protection to personally identifiable information.  Canada, by contrast, has received such a decision.  P2W and its service providers will take reasonable steps to ensure that any transfer or disclosure of personal information to or within any jurisdiction complies with applicable law and receives the level of protection required by those jurisdictions. 

If P2W or its service providers are required or wish to provide notice of unauthorized access to their data security systems or unauthorized access to or processing of your information, you expressly agree that P2W and/or its service providers may do so by posting a notice on the
Websites, or by sending an email to any email address in your account profile.

If you do not consent to P2W’s collection, use, or sharing of your information as provided in this Privacy Policy, you should not purchase, reload, or use Arch Cards or the Websites.

If you wish to withdraw your consent to P2W’s collection, use, or sharing of your information as provided in this Privacy Policy, you have the right to do so at any time.  If you wish to exercise that right, please contact our Privacy Officer as set forth below.

Managing Your Information

When you purchase individual Arch Cards online or sign up for an Arch Card Corporate Account or Online Reload Account, you must submit certain information to us, including personal information.  You are responsible for providing accurate information to us, and you are also responsible for maintaining the accuracy of your account information.  You can access, review, correct, update, and remove the account information you have submitted to us by signing into your account(s).  We will make good faith efforts to reflect your changes in our then-active databases as soon as reasonably practicable.  Please note that it is not always possible to completely remove or delete all information from our databases.  Residual data may remain on backup media or for other reasons.  We may also retain information you submit to us as business records, for administrative purposes.

With respect to mobile and other applications, you can prospectively stop the collection of information by uninstalling the applications. 

Promotional and Operational Communications

If you have signed up for the receipt of promotional emails, you can opt out of receiving such emails at any time by following the “unsubscribe” instructions in the promotional emails we send you.  Please note that even if you opt out of receiving promotional emails, we may continue to send you non-promotional emails and other types of communications, as permitted by law.  For example, we may send emails that contain service-related announcements that affect your account, purchase confirmations and updates regarding rides you’ve booked, requests for feedback on our products and services, or responses to comments and feedback submitted to us. 

You must opt in to receive promotional text messages and may opt out at any time thereafter by following the instructions provided in the text messages.

Mobile applications may send you “in-app messages” or “push notifications” including alerts, sounds, and icon badges.  These “in-app messages” may be of a promotional nature or an operational nature.  Such messages are part of the application’s functionality and cannot be turned off.  You can opt out of receiving “push notifications” or alter the way the notifications are delivered by modifying your device and application settings.

Cookies, Web Beacons, and Similar Technologies

You may be able to reject or block cookies, web beacons, entity tags, and HTML5 local storage by adjusting the appropriate settings in your browser software.  Each browser is different, but many common browsers such as Internet Explorer, Chrome, Firefox, and Safari have preferences or options that may be adjusted to allow you to reject or block cookies and certain other technologies before they are received or installed.  Some browsers also allow you to reject the installation or use of certain technologies altogether.  For more information, open your browser and access the Help menu.  You may have to repeat this process for each browser that you use.

Please note that if you choose to reject or block cookies, it could also affect the availability and functionality of certain aspects of our services.

Location Information

You may be able to adjust your device settings so that information about your physical location is not sent to us or third parties by disabling location services, or by changing preferences and permissions within websites and mobile applications.  Please note that several device settings and functions may be used to derive your physical location, including WiFi, Bluetooth, and others.  See your device settings and functions for more information.

Please also note that if you choose to disable location services or choose preferences or permissions pertaining to location tracking, it could affect the availability and functionality of certain aspects of our services.

Interest-Based Ads

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which maintain websites where people can opt out of interest-based advertising from their members.  To opt-out of such advertising, visit www.AboutAds.info and www.networkadvertising.org.

We are not responsible for the effectiveness of, or compliance with, those opt-out programs.

You should also be aware that, even if you are able to opt out of interest-based advertising, you may continue to receive generic advertisements.

“Do Not Track” Technology

Some newer web browsers have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit.  This header indicates that you do not want your activity to be tracked.  Like many websites and online services, the Websites do not respond to browser “Do Not Track” signals.

7. Third-Party Websites and Services

The Websites may contain hyperlinks to other websites or services which that are owned and operated by third parties.  Those links are provided as a convenience and no representations are made regarding the policies or business practices of such third parties.  This Privacy Policy does not apply to any website or service owned or operated by such third parties; nor are we responsible for the policies or business practices of such third parties.  We encourage you to review the privacy policy of any website or service owned and operated by a third party before submitting any information to that third party or otherwise accessing/using the services provided by that third party.

8. Children

P2W and its service providers do not intend for the Websites to be used by children under the age of 13.  If you are a child under the age of 13, you are not permitted to use the Websites and you should not send any information about yourself to us through them. 

If you are a parent or guardian of a child under the age of 13 and you believe we may have collected information about him/her, please contact our Privacy Officer as set forth below.

9. California Residents

This portion of the Privacy Policy applies to California consumers only.  It does not apply to information collected through business-to-business interactions.

Personal Information Collected on California Consumers, Sources of Collection, and Business Purposes for Collection for the Last Twelve Months

As described in the section titled "Information Collected” above, P2W service providers collect the information you provide when you purchase, reload, or use Arch Cards in participating restaurants, when you purchase or reload Arch Cards online through the Websites, and when you submit customer service inquiries.  The personal information obtained regarding California residents includes the following:

  • Identifiers such as Arch Card number, first and last name, email address, date of birth, phone number, credit card information, billing and shipping addresses, order details, transaction information, and other potentially identifiable information.
  • The following categories of personal information described in California Civil Code § 1798.80(e): (1) the personal information listed in the preceding bullet point as "identifiers," (2) the other information that identifies, relates to, describes, or is capable of being associated with, a particular individual that we describe in the section titled "Information Collected” above.

Business Purposes for Collecting Personal Information for the Last 12 Months

P2W and/or its service providers may have used or disclosed information collected regarding California residents for various business purposes, including to:

  • Process purchases of Arch Cards, individually and in bulk;
  • Process reloads of Arch Cards;
  • Process requests to create an Arch Card Corporate Account or an Arch Card Online Reload Account;
  • Manage such Accounts;
  • Process transactions involving the purchase of goods and services with Arch Cards;
  • Communicate about accounts, as well as products, services, and other matters;
  • Detect, investigate, and prevent security breaches or fraudulent transactions;
  • Respond to customer service inquiries and other questions, requests, or comments;
  • Conduct research, analysis, and marketing activities;
  • Monitor and analyze usage, activities, and trends;
  • Maintain appropriate records for internal administrative purposes;
  • Send notices, updates, alerts, and other administrative or support messages; and
  • Other purposes consented to or permitted or required by applicable law.

For more information, please see the sections titled "Use of Information" and “Sharing of Information” above.

No Sales of Personal information for the Last 12 Months

P2W and its service providers do not sell personal information and have not sold any personal information described herein within the past 12 months.

Your California Privacy Rights

If you are a California resident, you have the following rights for purposes of the personal information covered by this Privacy Policy.

Right to Access and Right to Know About Personal Information Collected, Disclosed, or Sold.

You have the right to request that we disclose the following to you:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information is collected;
  • Our business or commercial purpose for collecting or selling personal information;
  • The categories of third parties with whom we share personal information;
  • The specific pieces of information we have collected about you.
  • The categories of personal information about you that we have sold, if any, by category or categories of personal information for each third party to which we sold the personal information; and
  • The categories of personal information about you that we disclosed for a business purpose.

Right to Deletion of Personal Information.

You have the right to request deletion of your personal information we collected from you.

Right to Opt-Out.

You have the right to opt out of the disclosure of personal information we collected from you. 

Right to Non-Discrimination for Exercise of a California Privacy Rights.

We may not discriminate against you because of your exercise of any of the foregoing rights, or any other rights under the California Consumer Privacy Act, including by:

  • Denying you goods or services;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided by your personal information.

How to Exercise Your California Rights and How We May Verify Your Request

You may request the rights listed above by:

  • Calling us at: (800) 244-6227
  • Emailing us at: Arch_Card_Questions@us.mcd.com
  • Writing us at:
    P2W Privacy
    Attn: Dept. #213
    711 Jorie Blvd.
    Oak Brook, IL 60523

When you make a request, we may take steps to verify your identity before responding to your request.  In order to verify your identity with respect to the non-sensitive data that is subject to this notice, we may ask you to confirm your email address and/or account information, and we may ask questions about the scope of your interaction with us and our service providers. We reserve the right to take additional steps to verify your identity using other information we have about you.

You may designate an authorized agent to make a request on your behalf.  You may make such a designation by providing the agent with written permission to act on your behalf.  As permitted by law, we may take steps to verify your own identity in response to a request even if you choose to use an agent.

10. Nevada Residents

P2W customers who are Nevada residents have the right under Nevada law to direct us not to make any “sale” of any “covered information” that we have collected, or that we may collect in the future, from or about you.  The term “sale” is limited to our exchanging your information for money to anyone who intends to license or sell that information to other people.  It does not include our disclosing your information to anyone who works with us to process your information, or to any of our affiliates.  “Covered information” may include personally identifiable information in the form of your first and last name, home or other physical address, email address or telephone number, and any other information that we have collected or may collect from you in combination with any of the other identifiers listed above that are unique to you and would identify you.

To exercise this right, contact our Privacy Officer as set forth below.  We may ask you to follow up telephone or web-based requests with an email confirmation.  We may also ask you to provide us with information that will help us identify you in order to verify your request. We will never ask you for a copy of your photo identification, your Social Security Number, or your full account number with us.  

Please allow up to 60 days for a response to your verified request.

11. Questions and Complaints

If you have questions, comments, concerns, or complaints about P2W’s privacy practices, please contact our Privacy Officer at:

P2W Privacy Officer

Telephone: (800) 244-6227

Email: Arch_Card_Questions@us.mcd.com

Mailing Address:
P2W Privacy
Attn: Dept. #213
711 Jorie Blvd.
Oak Brook, IL 60523

Our Privacy Officer will endeavor to respond to all questions, comments, and concerns as soon as reasonably practicable.  The Privacy Officer will also endeavor to investigate and attempt to resolve any complaints within 60 days.

If you are an E.U. resident, you have the right under the GDPR to lodge a complaint with your local supervisory authority for data protection.

Earn points on delivery or pickup via the app

Select a delivery partner to continue
Or, please select your McDelivery option
You are leaving McDonald’s to visit a site not hosted by McDonald’s. Please review the third-party’s privacy policy, accessibility policy, and terms. McDonald’s is not responsible for the content provided by third-party sites.