McDonald’s Franchisee Privacy Statement

1. Introduction

McDonald’s Corporation, McDonald’s USA, LLC, and their United States subsidiaries and affiliates (“McDonald’s”, “we”, “us”, or “our”) are committed to protecting information that we collect from our Franchisees (as defined below) for franchise-related purposes and for the administration of our franchise business related functions. We are mindful of privacy when we handle the personal information of our franchisees who are residents of the United States and either have or had a franchise to operate a McDonald’s restaurant in the United States, or are potential or actual McDonald’s franchise applicants (“you” or “Franchisee”). This McDonald’s Franchisee Privacy Statement (this “Statement”) describes McDonald’s practices regarding the collection, use, transfer, disclosure, and other handling of Franchisees’ personal information. This Statement may be updated from time to time to reflect changes in our personal information practices, and we will notify you of any significant changes consistent with the “Changes to This Statement” Section below, including by, as applicable, posting a notice on McDonald’s internal or external websites.

Please note that we share, and in the past 12 months have shared, Franchisees’ personal information with our business partners for cross-context behavioral advertising as described below, but we do not sell, and in the past 12 months have not sold, Franchisees’ personal information for any monetary consideration. Additionally, we do not sell or share, and in the past 12 months have not sold or shared, personal information of individuals we know to be under 16 years of age.

2. Scope

This Statement applies to Franchisees who are residents of the United States only.

Please note that this Statement does not apply to customers or employees of McDonald’s or customers or employees of Franchisees. If you are a customer and wish to learn how we process our customers’ personal information, please review McDonald's Global Customer Privacy Statement If you are an employee of a Franchisee, please contact your employer for information on their privacy practices.

3. Information We Collect

We collect personal information for the administration and management of our Franchisee relationships. The actual personal information collected will vary depending on your status as well as the nature of your relationship with us.

In the normal course of business, we collect, and have collected in the past twelve (12) months, the following categories of personal information about Franchisees for the purposes set out below under “Purposes for Which Your Personal Information Is Collected and Processed”:

• Identifiers and contact information such as a real name, suffix, alias, postal address, unique identification numbers, online identifier, internet protocol address, email address, Social Security number, passport number, usernames, passwords (whether assigned by McDonald’s or selected by you), accounting and payment information such as federal tax identification number, country, bank account, name of the account holder, bank category, reference details, SWIFT code, bank name and address, terms of payment, or accounting correspondence (to the extent it qualifies as personal information), real-estate related data, which may incidentally include personal information, and any other similar identifiers.
• Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) that may identify, relate to, describe, or be capable of being associated with particular individuals, including, the “identifiers” listed in the preceding bullet point, and the following: date of birth, marital status, birth or marriage certificates, nationality, signature, physical characteristics or description (e.g., photographs), address, home and mobile telephone numbers, driver’s license or state identification card number, bank account information or any other financial information.
• Characteristics of protected classifications under California or federal law, collected for diversity, equity, inclusion, and other lawful purposes within the McDonald’s franchise network, such as race, color, ethnicity, religion or philosophical beliefs, national origin, sex, gender, sexual orientation, marital status, medical conditions, disability status, information on physical limitations, special needs and other medical or health-related workplace accommodations, military and/or veteran status, residency, work permit status, age (40 years and older), and where permitted by law and proportionate in view of the function to be carried out by a Franchisee, the results of credit and criminal background checks, drug and alcohol testing, and other screening procedures.
• Internet or other electronic network activity information, including, but not limited to, information regarding and/or collected automatically as part of your interaction with the Systems (as defined below); electronic content produced or received by you using the Systems (including documents, information, and emails and other electronic communications transmitted or received through the use of the Systems); information relating to your accounts held on the Systems, websites, or apps (including account profiles on McDonald’s websites or apps and data stored in relation to such accounts, e.g., rights and privileges, activity, interests, preferences, or other information that may be associated with your account); and information received by McDonald’s if you sign into the Systems, websites, apps, or accounts using social media or other third-party tools. This also includes voicemails, emails, and other work product correspondence and communications created, stored, or transmitted using McDonald’s computers, devices, or other communications equipment.
• Geolocation data – If you use certain McDonald’s apps or websites, such apps or websites may collect location data.
• Audio, electronic, visual, or similar information, such as photographs, and information captured on security systems, including key card or other entry control systems and CCTV systems.
• Business, Professional, or Employment-related information, including:
  • Employment history, educational background and status, professional certifications, language capabilities, references, letters of recommendation, and interview notes;
  • Work history, spouses or relatives who may work for McDonald’s and your relationship to them, technical skills, training records, and emergency contact information;
  • Information collected in connection with taxation (such as information collected via standard tax forms) and verifying your right to work in the United States;
  • Acknowledgements regarding McDonald’s policies, such as our Standards of Business Conduct, as well as information provided pursuant to McDonald’s policies, such as information regarding potential conflicts of interest or similar compliance-related information;
  • Information we collect, including through third-party suppliers, regarding content and other data posted on the Internet (such as data posted on social media and other public locations on the Internet);
  • Any information needed to comply with McDonald’s policies or other reporting obligations, or requests from any court, governmental entities, or law enforcement authorities;
  • Franchisee application data such as financial data, CVs of key personnel, background checks, including criminal background check (to the extent it qualifies as personal information);
  • Information on the franchise agreement concluded with the relevant Franchisee (“Franchise Agreement”), including commercial terms, legal terms, and any other contractual documentation, information about contract performance, instances of non-performance, and information about the expiration and termination of the Franchise Agreement (to the extent it qualifies as personal information);
  • Financial data and performance-related data of the relevant Franchisee; financial records, data on corporations, limited liability companies, partnerships, and trusts that Franchisees assign to the McDonald’s restaurants they operate including direct and indirect shareholders, beneficiaries and trustees, quality assurance and quality control documents, and other information relevant for an audit (to the extent it qualifies as personal data); and
  • For training purposes, information about the status of your training courses and the date of their completion, as well as any test scores, technical data in relation to your usage of the training platform and the device, system, software, and peripherals from which you are accessing the platform.
• Education information, defined as information that is not publicly available personally identifiable information, as defined in the Family Educational Rights and Privacy Act. This includes details contained in letters of application and resumes/CVs such as institutions attended and performance.
• Inferences drawn from any of the information identified in this section to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Sensitive personal information such as government-issued ID (e.g., Social Security or passport number), account login or payment card information in combination with credentials allowing access to the account, precise geolocation data, certain characteristics of protected classifications such as racial or ethnic origin, contents of mail, email, and text messages, and biometric data, in each case as further described above in the relevant categories.

We collect personal information:

(1) directly from you when you provide information to us through Systems, websites, or apps, for example, when you respond to a request for information relating to your franchise application and/or dealings and interactions with McDonald’s, use our Systems, websites, or apps, or contact us; (2) indirectly from your computers, devices, or other communications equipment when you communicate with our Systems or applications; (3) from our security Systems, including key card or other entry control systems and CCTV systems; (4) from other companies and organizations such as our advertising agency partners, social media networks, data brokers, payment processors, and other providers; and (5) from publicly available sources.

4. Purposes for Which Your Personal Information Is Collected and Processed

We collect and use your personal information for various business purposes which include purposes disclosed in this Statement or purposes compatible with the context in which the personal information was collected. For example, business purposes include auditing, helping to ensure security and integrity, debugging, short-term, transient use, performing services, providing advertising and marketing services, undertaking internal research for technological development and demonstration, or undertaking activities to verify or maintain the quality or safety of a service or device. We also use your personal information for the following purposes:

• The administration, management, and oversight of the franchise relationship (e.g., financial and performance- based reporting, billing and collection of rental and service fees);
• The provision and facilitation of access to McDonald’s and McDonald’s vendors’ systems and applications utilized during the course of the franchise relationship (including identity and access management or in- restaurant technologies);
• Monitoring the security and use of our networks, communications and systems, offices and facilities, property and infrastructure, and information security services optionally offered to franchisees;
• Reporting and statistical analysis (e.g., System usage, content access, and transactional level detail); optional services offered by McDonald’s and various learning platforms;
• Compliance with legal and regulatory obligations such as compliance with anti-money laundering and trade sanction-related requirements, including record-keeping and reporting obligations;
• Dispute and complaint resolution, internal investigations and reviews, auditing, compliance with internal policies, and risk management;
• Establishing, exercising, or defending against legal claims;
• Assessment of a potential Franchisee’s suitability as a franchisee as part of our franchise due diligence process; and,
• Quality management in respect of our products, services and Systems, and improvement of the restaurant operation process of the relevant Franchisee.

We may also monitor visits to our websites or mobile apps and sessions of Franchisees; this monitoring may log the details of your visits to our websites or mobile apps and information generated in the course of using our websites or mobile apps, such as mouse movements, clicks, page visits, text entered, how long you spent on a page, and other details of your visits to or actions on our websites or mobile apps. We may also share any of the data collected by these technologies with third parties for our business purposes.

To the extent any envisioned use is inconsistent with or outside of the contemplated uses in this Statement, we will communicate that to you as required by law.

We may de-identify personal information about you or receive de-identified personal information about you, and we may use and disclose such information for any purposes in accordance with applicable law. We will maintain de-identified information in de-identified form, and will not re-identify such information, except in accordance with the requirements of applicable law. De-identified or aggregate information is not personal information.

5. Disclosures of Personal Information

We disclose Franchisees’ personal information to our affiliates and third parties as appropriate for any purposes described in this Statement. In general, we disclose personal information to the following categories of third parties:

• Members of the McDonald’s Family, including McDonald’s Corporation, McDonald’s USA LLC, and each of their respective subsidiaries, and affiliates, and McDonald’s franchisees;
• Vendors and service providers who help McDonald’s operate our business;
• Public authorities and courts;
• Buyers or other parties involved in a corporate transaction if we decide to sell or transfer all or part of our business or assets;
• Professional advisers such as our legal representatives, auditors, and insurance brokers; and
• Other business partners if they are involved in franchisee recruitment, training, or relationship management matters.

We disclose, and have disclosed in the past twelve (12) months, personal information for the purposes described below:

• To administer the franchise relationship as well as provide the services described in this Statement, personal information of Franchisees may be disclosed to McDonald’s employees, certain McDonald’s subsidiaries, and the relevant Franchisees;
• To engage vendors to assist us with processing the personal information subject to this Statement, we may disclose personal information to our vendor;
• To comply with legal obligations or in connection with legal claims, we may disclose personal information to public authorities, courts, or our professional advisers;
  • For cooperation with law enforcement agencies concerning conduct or activity that may violate federal, state, or local law;
  • For establishing, exercising, or defending against legal claims;
  • For compliance with McDonald’s policies and legal obligations;
  • For dispute and complaint resolution, enabling compliance reporting, internal investigations and reviews, auditing, and compliance and risk management;
  • For preventing illegal, wrongful, or unethical conduct in the conduct of the McDonald’s business;
  • For protecting the health and safety of Franchisees and others;
  • For safeguarding and maintaining the security of our premises, assets, IT systems, and infrastructure;
  • For compliance with record-keeping and reporting obligations;
  • For compliance with civil, criminal, or regulatory inquiries, investigations, subpoenas, or summons by federal, state, or local authorities;
  • In the event of a merger or acquisition, asset sale, a transfer of some or all of McDonald’s business, or other related transaction, we may disclose your personal information to the parties involved in the transaction; and
  • When we believe in good faith that a disclosure is required by law or to protect the safety of our employees, Franchisees, Franchisees’ employees, the public, or McDonald’s property, we may disclose your personal information to law enforcement agencies.

As is common practice among businesses that operate Internet websites and mobile apps, within the past 12 months, we have disclosed certain identifiers such as email addresses and pseudonymized identifiers, information about the use of our websites and apps, and inferences drawn about Franchisees to our consultants and analytics partners for diversity, equity and inclusive initiatives and other efforts.

6. Security

We use technical, physical, and organizational security measures designed to protect against unauthorized access, disclosure, damage, or loss of personal information. The collection, transmission, and storage of information can never be guaranteed to be completely secure. Please take steps to secure your access credentials such as login name and password, and do not share them with anyone. We take steps designed to implement applicable security safeguards internally and with our third-party service providers to protect your information.

7. Retention of Personal Information

Unless a specific retention period is mandated or permitted under applicable law, McDonald’s will only retain personal information for the duration of time necessary to fulfill the purposes described in this Statement. This means that we may retain your personal information for a period of time following termination of the Franchisee relationship with McDonald’s pursuant to our retention policy. Our retention policies reflect applicable laws.

8. Notice of Monitoring of McDonald’s IT Systems

We may provide you with access to information technology systems, networks, and/or applications owned or operated by McDonald’s (the “Systems”) so you, as our Franchisee, can communicate and collaborate with us. Please note that McDonald’s may monitor and record your use of these Systems, including activity you conduct while using the Systems, emails, and other electronic communications sent, received, or stored through these Systems, in order to operate and secure the Systems, for compliance and audit purposes, and to protect against fraud, illegal activity, violation of McDonald’s policies, or misuse of the Systems or McDonald’s information assets or other property. Accordingly, you should not have any expectation of privacy otherwise in connection with your use of the Systems.

9. Your California Privacy Rights

If you are a California resident, you have additional rights. We will honor requests received to the extent required by applicable law and within the time provided by law.

Right to Access, Right to Know, Right to Correct, Right to Delete, and Right to Opt Out of Sales or Sharing

• Right to Access and Right to Know. You have the right to request that we disclose the following to you:
  • the categories of personal information we have collected about you;
  • the categories of sources from which the personal information is collected;
  • our business or commercial purpose for collecting, selling, or sharing personal information;
  • the categories of third parties to whom we disclose personal information;
  • the specific pieces of information we have collected about you;
  • the categories of personal information about you, if any, that we have sold or shared, and the categories of third parties to whom we have sold or shared the information, by category or categories of personal information for each category of third party to whom we sold or shared the personal information; and
  • the categories of personal information about you that we disclosed for a business purpose, and the categories of recipients to whom we disclosed the information for a business purpose.
• Right to Correct. You have the right to request that we correct inaccurate personal information that we have collected about you.
• Right to Delete. You have the right to request that we delete personal information about you that we have collected from you.
• Right to Opt Out of Sales or Sharing. You have the right to opt out of the disclosure of personal information about you for consideration and the sharing of personal information about you for cross-context behavioral advertising. Select Do Not Sell or Share My Information  to be directed to an interactive form through which you may submit an online request to opt-out. To opt-out of collection of information by analytics, advertising, and social media partners, you can click on Cookie Settings on McDonald’s website and disable cookies. You can also visit the opt-out tools provided by the Network Advertising Alliance and the Digital Advertising Alliance.

Additionally, McDonald’s will process opt-out requests submitted by an individual’s opt-out preference signal as required by applicable law. The technical specifications of an individual’s opt-out preference signal determine how we process such signals. For example, if an individual installs opt-out preference technology on a browser, and the opt-out preference signal it sends is associated solely with a user’s browser, the opt-out will be applied to the browser. As of the “Last Updated” date of this Statement, our processing of opt-out preference signals can be considered “frictionless” under California law.

You can learn how to set up and use an opt-out preference signal by visiting, and consulting the section titled “Right to Opt-Out of Sale or Sharing” California Consumer Privacy Act (CCPA). You can also consult information published by the California Consumer Privacy Act (CCPA) about how you can set up and use opt-out preference signals.

Please note that we may decline your requests under certain circumstances permitted under the law, and we will communicate such exceptions where they apply.

For requests made in connection with the Right to Access, Right to Know, Right to Correct, and/or Right to Delete, please note:

• As required or permitted under applicable law, we may take steps to verify your request before we can provide personal information to you, correct, or delete personal information, or otherwise process your request. To verify your request, you must provide your name, email address, and state of residence, and you may also have the option to provide your phone number. If we believe we need further information to verify your request as required by law and depending on the type of request, we may ask you to provide additional information to us.
• We will process your request within 45 days after receipt of a verifiable request, unless we notify you that we require additional time to respond, in which case we will respond within such additional period of time required by law. If your request involves us providing personal information to you, we may deliver the personal information to you through OneTrust. If electronically, then we will deliver the information to you, or at your request to another entity, if applicable in a portable and, to the extent technically feasible, structured, commonly used, machine-readable format that allows you to transmit the information from one entity to another without hindrance.

Right to Non-Discrimination. We may not discriminate against you because of your exercise of any of the foregoing privacy rights, or any other rights under the California Consumer Privacy Act, including by:

• Denying you goods or services;
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties;
• Providing you a different level or quality of goods or services; or
• Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

10. Requests to Exercise Your Rights

You may request to exercise your privacy rights by:

• Submitting a request through McDonald’s Privacy Rights Center.
• Emailing us at franchising@us.mcd.com.
• Calling us toll-free at 888-511-9903.

Metrics Regarding Privacy Requests

We publish metrics relating to our handling of California rights requests in the previous calendar year, including requests submitted by Suppliers, in our California Privacy Notice California Privacy Notice

The following metrics relate to our handling of California rights request received from all individuals in the U.S. who identified themselves as franchisee applicants (actual or potential), current or former franchisees  in the period from January 1, 2023 to December 31, 2023.

Right to Know/Access

• Requests Received:  12
• Requests Completed:  12
• Requests Not Completed:  0
• Median Number of Days to Complete:  8.75

Right to Delete

• Requests Received:  1
• Requests Completed:  1
• Requests Not Completed:  0
• Median Number of Days to Complete:  1

Update Data

• Requests Received: 1
• Requests Completed:  1
• Requests Not Completed:  0
• Median Number of Days to Complete: 10

11. Accessibility

If you are a user with a disability, or an individual assisting a user with a disability, and have difficulty accessing or navigating our digital channels – including this Statement – please contact us at accessibility@us.mcd.com. You can also review our Accessibility Statement.

12. Do Not Track

Please note that our websites and mobile apps are not designed to respond to “do not track” requests from web browsers.

13. How to Contact Us

If you have any questions or concerns in relation to our collection and management of your information or this Statement, you can reach us at: 

• By email: contact.privacy@us.mcd.com
• By post: Attn: Global Data Protection Office

Privacy at McDonald’s, Dept. 282

110 North Carpenter Street

Chicago, IL 60607-2101, USA

14. Changes to This Statement

From time to time we may change, modify, or amend this Statement in order to comply with the evolving regulatory environment or reflect the way we operate our business. Subject to any applicable legal requirements to provide additional notice and/or obtain consent, any changes to this Statement will be communicated to you through existing McDonald’s communication channels and resources.