Moxie’s Restaurants, Limited Partnership
Franchisees of Moxies are responsible for the collection, use and disclosure of information collected by them and/or used by them as part of their franchised business.
Please read this Policy carefully and contact us if you have any questions. If you do not agree with this Policy, you should not access or use the Sites.
This Policy was last updated on August 11, 2022. We may amend this Policy from time to time and, as such, you should review its terms each time that you visit our Sites. Any changes to this Policy will be promptly communicated on this page but will not go into effect until at least five (5) days after they are posted.
Meaning of «Personal Information»
«Personal information» as used in this Policy means information about an identified or identifiable individual. An identifiable individual is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. Personal information does not include general, statistical, anonymized or aggregated information.
Accountability and Openness / Privacy Officer
Moxies is responsible for personal information under our control, and we are accountable to you for its collection, use and disclosure by us. We have established policies and procedures to safeguard any personal information that we have on file or which we collect, and to deal with complaints and inquiries. We will only collect personally identifiable data as described in this Policy.
In this Policy, we have attempted to provide you with manageable, comprehensive and easily understandable information regarding the policies and procedures that we use to manage your personal information. However, we recognize that different individuals require different levels of detail and invite you to contact us directly as set out below should you require further information.
Moxies has designated a chief privacy officer («Privacy Officer») who is accountable for the protection of data containing personal information and for our compliance with this Policy generally, as well as for ensuring that information about our practices relating to the management of personal information is easily accessible and understood.
All questions or concerns regarding this Policy, our compliance with it, as well as any of our processes and procedures relating to the collection, use and disclosure of your personal information, should be directed to the Privacy Officer in writing, and sent by email to email@example.com or by post to:
Privacy Officer — Northland Restaurant Group
Moxie’s Restaurants, Limited Partnership
310-1755 West Broadway, Vancouver, B.C., V6J 4S5.
Personal Information We Collect
What Information is Collected and How?
In conducting every aspect of our business, we may collect personal information. Such information may include, without limitation: your name, home and mailing addresses, email addresses, telephone numbers, credit or debit card numbers or other payment methods, date of birth, age, gender, billing information and other types of personal information that you choose to provide to us or that we may obtain about you. We collect personal information only to the extent that it is necessary for the purposes set out below (see: Purpose — Why We Collect, Use and Disclose Information). In most cases, we will collect personal information directly from you when you interact with us with respect to our restaurants, online market or any other product or service that we offer. Interaction may be through our third party providers, such as gift cards, or through our Sites. Occasionally, we may collect personal information from a third party based on your consent or as otherwise permitted by law. Personal information will always be collected using means that are transparent, fair and lawful.
A. Directly from You
We collect information you provide to us. This may include, for example, when you transact business with us, consider or apply for franchise or ownership opportunities, use our Services, look up nearby restaurants, make a reservation, sign up for special offers, fill out a contact form, submit an order for a gift card, apply for a job, log in to a WiFi network in one of our restaurants, enter promotions or contests offered by us, call our customer service team, respond to a survey or advertisements, or communicate with us in any way.
If you provide comments or other feedback to us, you agree that such comments or other feedback become the property of Moxies, and we may use, disclose and share them with our partners for any purpose provided that we do not associate them with your personally identifiable information without your express consent.
B. From Security Cameras
When you visit one of our restaurants, we may have security cameras that will collect audio and video images.
C. From Other Sources
We may collect information about you from a variety of third parties. For example, we may obtain information about you from:
- provincial and federal government agencies;
- credit bureaus and credit reporting agencies, such as Equifax;
- social media networks when you grant permission to access your data on one or more networks; and,
- publicly available sources and data suppliers from which we obtain data to validate or supplement.
Our service providers may also provide us with personal information that you submit to them. For example, if you apply for a job using the career portal, purchase a gift card, order catering, provide feedback on a recent visit, make a reservation, or place an order with a delivery service, you may submit personal information to one or more of our service providers that may share your information with us
D. Information Collected Through Automated Means
When you use our Services (i.e. visit our website or use applications that run on mobile devices or tablets, or use our WiFi), some of your information is logged or collected automatically. For example, when you visit our website, we may collect device, usage and log information such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the search engine you used to locate the website, and the website you visited before or after our site. In addition, we gather certain navigational information about where you go on our website to help us determine which areas of the website are most frequently visited and helps us to tailor the sites to the needs and interests of our online visitors. If you use our mobile applications or use our Services on a mobile device or tablet, we may also collect your device type, mobile phone number, operating system type, wireless carrier, and device IDs, on our mobile applications.
We may review server logs and traffic for system administration and security purposes, for example to detect intrusions into our network, for planning and improving web services, and to monitor and compile statistics about website usage. The possibility therefore exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
When you visit our website, we, or an authorized third party, place or recognize a unique cookie on your browser (including through use of pixel tags) that collects information, including personal information, about your online activities over time and across different sites. We also use web beacons and pixels in our emails to collect information about how you interact with our emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies and the information they collect: (a) for security purposes; (b) to remember information so that you will not have to re-enter it during your visit or the next time you visit the site; © to provide custom, personalized content and information; © to gather aggregate statistical data and metrics such as total number of visitors, traffic, and demographic patterns to continually improve design and functionality, as well as understand how the websites are used and assist us with resolving questions; (d) to diagnose or fix technology problems; and (e) to evaluate the effectiveness of, and improve our marketing and advertising.
Use of your personal information collected for the purpose of sending electronic messaging, including sending marketing or advertising, will be subject to applicable ‘anti-spam’ laws including obtaining your express consent if so required (see: Consent).
Cookies: «Cookies» are small text files that are placed on your computer by websites that you visit. They are used to identify you to the web server and will tell the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you. A cookie cannot run any programs, deliver any viruses, or send back information about your system. There are different types of cookies: Session cookies expire when you close your browser. Persistent cookies remain on your device until they are deleted or expire.
Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. The management of cookies varies for each browser, and you should consult the «Help» menu of your browser. Certain professional adverting platforms also provide users with the option to accept or block cookies used by their clients.
If you decline cookies, you may still be able to use the Sites but your ability to access certain pages, features and functions may be affected. To find out more about cookies, including how to see what cookies have been set and how to manage and remove them, please visit AboutCookies.org.
Settings and Use of our guest WiFi. In order to use guest WiFi at any of our locations, you will be asked to provide your email address and consent to the use of your email for the purpose of electronic marketing or advertising messaging. You may be able to enable or disable location tracking by adjusting the permissions in your account or device settings. Be aware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to WiFi, Bluetooth, beacons, or our networks) may persist. Enabling location tracking may enable the WiFi to track your location in the background, which may decrease battery life.
You may also be able to enable or disable certain features (e.g. view WiFi connection) by adjusting the permissions in your device settings. The foregoing only applies if you choose to use our guest WiFi and accept commercial messaging at the email address provided for access.
«DO NOT TRACK» DISCLOSURE
We do not collect or respond to Do Not Track signals and our websites do not function differently based on any Do Not Track preferences that may be received. For more information on Do Not Track signals, please visit https://allaboutdnt.com/.
Consent for the collection, use or disclosure of personal information may be express or implied as determined by law. For consent to be meaningful, it must be informed, unambiguous and freely given. Consent will only be valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting. Typically, where we rely on consent to process your personal information, we will seek your consent at the time of collection, and efforts will be made to ensure that you understand the purpose (s) for which the information will be used or disclosed. Opt-ins (such as checking a box that clearly specifies to what you are agreeing and indicates agreement by checking) are forms of express consent. Implied consent takes various forms and may include providing an email where it is indicated for what purpose the email may be used, for example reaching you if you were the winner in a contest.
If you have provided information on a location page for a franchised location or in respect to a franchised location, your information will be provided to the franchisee in order to facilitate the purpose for which your information was provided. For example, if you have booked through the website for a certain location which is franchised, your information will be provided to that franchised location.
Part of providing meaningful consent is understanding the risk of harm and other consequences of the disclosure of your personal information. While we endeavour to continually use best practices to minimize the risk of harm (See: Safeguards — How Information is Protected, below), technology is constantly evolving and no safeguards can be guaranteed to be failsafe or to provide absolute protection against malfeasors. Significant harm that may result from the unauthorized use of the personal information that you disclose includes identity theft and credit card fraud.
Withdrawal of consent / objection to processing
You may always choose not to disclose personal information. Also, when we are using your personal information on the basis of your consent, you may withdraw or change your consent at any time. To withdraw or change your consent to our use of your personal information, please send your request in writing, along with details of the use of your information that you wish to change or withdraw your consent for, to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Please note that where our processing of your personal information is not based on your consent (but is based on another legal ground), then we may not be able to comply with your request. We will inform you of this in writing if this is the case.
When we are using your personal information on the basis of our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, you may raise your objections to us. To do so, please send details of your objection in writing to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
In some circumstances, particularly where our (or a franchisee’s) use of your information is integral to the provision of a product or service, your refusal to provide consent, or a change or withdrawal of consent, may affect your transactions and/or our (or a franchisee’s) ability to provide you with information, products or services.
Purposes — Why We Collect, Use and Disclose Information
We will not collect personal information which is not necessary and, except as specified below, will not use or disclose personal information for any purpose other than the purpose (s) for which it was collected without first notifying you or obtaining your consent, as applicable. The information that we collect is used and disclosed only for business purposes.
We may use your personal information to:
- Complete contracts as well as any disclosures or other documents required by law;
- Determine your eligibility for special offers, special pricing, discounts, promotions, and rebates;
- Provide, develop, maintain, and improve our products and Services (e.g. to evaluate the performance of our staff; to assess the quality of our products and Services; and to help us improve our websites, restaurants and facilities);
- Process any applications, forms, requests, orders, purchases, inquiries, or other information
- Perform research and analytical activities (e.g. identifying trends and the effectiveness of marketing campaigns);
- Conduct audits, security and fraud monitoring and prevention; Protect our legitimate business interests and legal rights;
- Manage all aspects of an applicant or employee’s employment relationship, including, but not limited to the establishment, maintenance, and termination of employment relationships;
- Assist us with legal claims, compliance, regulatory and investigative purposes as necessary (including in connection with law enforcement investigations, legal process, or litigation);
- Send marketing communications, promotional offers, and periodic customer satisfaction, market research or quality assurance surveys;
- Market and advertise our restaurants and menu items;
- Communicate with you;
- Process payments and complete purchase of gift cards, take-out and delivery orders through the Site, catering, or other products;
- Create, update and permit you to access your customer account;
- Administer and support participation in sweepstakes, events, special offers, special pricing, discounts, and promotions; and
- Personalize our Services, including content, ads and offerings.
We may also use personal information we have collected and aggregated, or anonymized personal information received from third parties, to understand more about our users (for example, we may use aggregated information to calculate the percentage of our users who have a particular telephone area code). This includes demographic data, inferred commercial interests, and other information we may collect from you or from third parties.
Where personal information that has been collected is to be used for a purpose not previously identified, we will notify you of the new purpose and, where necessary, obtain your consent, prior to the use of that information for the new purpose unless otherwise permitted by law.
We comply with applicable «anti-spam» legislation and will only send you electronic communications as permitted by law. Note that you may always unsubscribe from our electronic communications by following the «unsubscribe» link clearly included in each communication, or by notifying the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer)
Legal Basis for the Use of Your Personal Information (EEA and UK Residents)
Moxies will only process your personal information where we have a legal basis to do so. The legal basis will depend upon the reason or reasons for which we collected and require the use of your information. The legal basis will generally be one or more of the following:
- The performance of the contract that we have, or a franchisee has, with you, for example, for the purpose of making, managing and completing reservations, creating customer accounts, processing payments, the purchase of gift cards, returning lost or forgotten items, and providing our services to you.
- Our legitimate interests (or those of a third party, including franchisees) in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
- To comply with legal obligations.
- To protect your vital interests, or those of another natural person.
- Where you have consented to our use of your personal information for particular purposes, such as direct marketing. Where we process personal information based on your consent, you may withdraw your consent at any time by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
Where we collect and use ‘sensitive’ personal information (such information which may fall under a prohibited ground of discrimination), we need to have further justification for collecting, storing and using this type of personal information. We have in place appropriate safeguards which we are required by law to maintain when processing such data. We process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest, such as for disability and accessibility.
- Where it is needed to protect the vital interests of individuals.
- Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
- Where you have already made the information manifestly public.
Disclosure to / Sharing with Third Parties
We may share your personal information with the third parties described below.
Service Providers. We may share your personal information with third parties who work on behalf of, or with, us such as vendors, processors, suppliers, agents, attorneys, and representatives (collectively, «Service Providers»). Service Providers assist us with a variety of functions including, but not limited to, sending marketing communications, processing payment of gift cards, assisting with advertising and related analytics, delivering orders, providing management services, conducting research or surveys, sending regular mail and e-mail, maintaining databases, or processing credit card payments.
Affiliate Companies. We may share personal information with our affiliated entities from time to time (collectively, «Affiliates»).
Franchisees. We may share personal information with one of our franchisees if the purpose for which it was collected requires such sharing. For example, booking at a franchised location.
Government Agencies. We may share your personal information with government agencies (collectively, «Government Agencies»).
Except as specifically provided in this Policy or permitted by law, your personally identifiable information will not be shared with third parties unless we provide you with both prior notice and choice.
In the course of our supply of products and services to you, or your participation in marketing programs such as local events, we may delegate our authority to collect, access, use, and disseminate your information to franchisee (s). If you do not agree to our disclosure of your information to these parties, you may not be able to participate in certain programs or we may not be able to provide you with the products, services or programs that we engage them to provide, and this may impact your ability to access or use our services generally.
Sweepstakes, Contests and Other Promotions
Personal Information of Children
We do not knowingly collect or store any personal information from anyone under the age of 16. If we become aware that we have collected or stored personal information from an individual under age 16, we will remove his/her/their personal information from our files. If you are a parent or guardian and believe we may have inadvertently collected personal information from your child, please notify us immediately by contacting us at: 1-877-466-9437.
Retention of Personal Information
Subject to any legal or accounting requirements, we will retain personal information only as long as necessary to fulfill the purposes for which it was collected. Personal information that is no longer required will be destroyed, erased or made anonymous, although copies of deleted information may continue to exist on back-up media. In certain circumstances, you may request the erasure of your personal information, which we will endeavor to do without undue delay as required by applicable law. Written requests should be sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Any third-parties or franchisees to which we disclose your personal information (see: Disclosure to Third Parties) must return or destroy the information when it is no longer required for the purpose for which it was provided.
Safeguards — How Information is Protected
We have implemented physical, organizational, contractual and technological security measures to protect personal information in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal information, with the highest level of protection given to the most sensitive information. Staff permission to access personal information is role-based and is determined in accordance with the purpose for which the information has been disclosed (see: Purpose — Why We Collect, Use and Disclose Information), and the staff member’s role in fulfilling that purpose. Our data systems use user IDs, passwords, and encryption technology. We store our data with third party cloud providers, secure on-site property management systems and remote servers hosted by reputable companies in Canada, USA and the UK. Staff and contractors who have access to personal information are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. Any credit card information that you submit will not be stored on our servers, but rather will be sent to a PCI Level 1-compliant payment processor for storage. When destroying personal information, we delete electronically stored personal information. While we will endeavour to destroy copies of personal information, you acknowledge that deleted information may continue to exist on back-up media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal information may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Accordingly, we cannot guarantee that personal information will not be lost, or that it will not be altered, intercepted or stored by an unauthorized third party.
Accuracy / Individual Access / Erasure
Personal information contained in our records or which is disclosed to third parties for the purposes described above shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is used. You may request access to the personal information that we hold about you by submitting a written request to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer). Including «Request personal information» in the subject line of your email or letter will facilitate compliance with your request. We will inform you of your personal information held by us and provide an account of the use that has been made of the information, as well as identify any third parties to whom we have disclosed the information. In some instances, you may also be entitled to receive a copy of your personal information in a structured, commonly-use, machine-readable format (or request that this be transferred to a third party where technically possible). In certain circumstances, Moxies may not be able to provide you with access to all or some of your personal information, in which case you will be advised in writing of the reasons for our inability to provide you with the information.
You also have the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect. If you demonstrate the inaccuracy or incompleteness of your personal information, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data or if your personal information changes. All notices and requests regarding inaccuracies or changes should be in writing and sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
In certain circumstances, you have the right to require that we erase, limit, or cease processing your personal information. All notices and requests asking us to erase, limit or stop processing your personal information should be in writing and sent to the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
International Transfer and Storage of Information
Your personal information may be transmitted, transferred, processed, backed-up and/or stored outside of Canada, including in the United States and UK. In particular, many of the third parties that we work with and certain of our third parties to which we disclose your personal information (see: Disclosure to/ Sharing with Third Parties) may use and store that information at their facilities outside of Canada. We will use reasonable means to ensure that your information is protected, including written agreements with our third-party subcontractors, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada.
EEA and UK Residents: When we transfer the personal information of individuals from the European Economic Area or the United Kingdom to a country or organization that is outside of the European Economic Area or the United Kingdom, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries;
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- You may make a request in writing if you would like further information on the specific mechanism used by us when we transfer personal information to countries or organizations that are outside of the European Economic Area or the UK by contacting the Privacy Officer at the address set out above (see: Accountability and Openness / Privacy Officer).
Note if you are accessing our website in respect to US locations, please review the US documents related to use of the website.
Links to other Websites
The Sites may contain optional links to services and other third party Internet sites that we believe may be of interest to you. These include links to sites belonging to our related brands; Twitter; Facebook; Instagram and others. If you click on these links, you will leave the Moxies website, and these third parties may collect data from you or your electronic devices in connection with your visit to their websites. The accessing and use of third party websites is at your own risk, and we cannot assume responsibility for the privacy practices, policies or actions of the third parties who operate those websites. This Policy applies only to Moxies’ websites, and we encourage you to review the privacy policies contained on each Internet site that you access.
Inquiries, requests and complaints regarding our compliance with this Policy should be directed to the Privacy Officer (see: Accountability and Openness / Privacy Officer).
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual.
If you are entitled to data protection rights under European Union law or the law of the United Kingdom, you are also be entitled to lodge a complaint with the relevant supervisory authority that deals with data protection matters in your jurisdiction.