Halsted Hospitality Ltd. (the "Company"), franchisee of Potbelly Franchising, LLC, knows that you care how your Personal Information is used and shared, and your privacy is very important to us too! We appreciate your trust that we will use any Personal Information we gather carefully, sensibly and at all times in compliance with applicable privacy legislation including the Personal Information Protection and Electronic Documents Act (“PIPEDA”). To better protect your privacy, we provide this Policy explaining our information practices and the choices you can make about the way your information is collected, used and disclosed by the Company.
The Policy applies to all Personal Information the Company collects, uses or discloses about its customers and potential customers in the course of conducting its restaurant business. The Policy does not apply to Personal Information about its employees that is collected, used or disclosed for the purposes of managing the employment relationship.
Personal Information – means information about an identifiable individual. Personal Information is broadly defined and includes, but is not limited to, a person’s age, birthday, marital status, home address, credit card information, personal meal preferences, information about personal interests, etc.
Personal Information does not include information that would enable an individual to be contacted at a place of business, for example, the person’s name, title, telephone number, address, email or fax number used for business purposes.
Privacy Officer – means the individual(s) responsible for ensuring the Company’s compliance with the Policy and applicable privacy laws.
The Company has appointed a Privacy Officer responsible for ensuring its compliance with the Policy and with all applicable privacy laws. The Privacy Officer’s duties include but are not limited to:
Implementing and ensuring ongoing compliance with this Policy and with procedures to protect your Personal Information;
Receiving and responding to privacy-related complaints and requests for access to or correction of Personal Information;
Training staff and communicating to staff information about the Policy and related privacy practices; and
Developing and updating information to explain the Company’s privacy related policies and procedures.
Why does the Company collect your Personal Information and how is it used?
The Company collects Personal Information for a number of purposes which are explained below. If the collection of Personal Information is necessary for a different purpose, other than what is explained below, this new purpose will be explained to you and documented prior to or at the time your Personal Information is collected.
The Company collects your Personal Information for the following purposes:
Providing you with its products and services;
With your permission, communicating with you about the Company’s promotional offers, events or for other marketing purposes; and
Enabling you to participate in Company contests, online polls etc.
In addition to the purposes described above, the Company’s website may use "cookies" to enhance your experience with the site. Cookies are text files the website places in your computer's browser to store your preferences. Cookies, by themselves, do not tell the Company your email address or other personally identifiable information unless you choose to provide this information (by registering at the site, for example). However, once you choose to furnish the website with personally identifiable information, this information may be linked to the data stored in the cookie.
The Company’s websites may also use web beacons or pixel tags, which are electronic images that may be used on the websites or in Company emails. The Company uses these tools to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.
How do you give/withdraw your consent to the collection, use and disclosure of your Personal Information?
The Company will obtain your consent prior to the collection, use or disclosure of your Personal Information unless such consent is not required by law. The Company will make reasonable efforts to ensure you are informed of the purpose(s) for which your Personal Information is being collected, used or disclosed.
Consent may be obtained orally, in writing, electronically or it may be implied where the purpose for collecting, using or disclosing the Personal Information is obvious and you voluntarily provide Personal Information for this purpose. The Company will consider the sensitivity of the Personal Information at issue when determining the manner in which it will obtain consent.
When Personal Information that has been collected is to be used or disclosed for a new previously unidentified purpose, the Company will identify the new purpose either orally or in writing. The Company will obtain your consent prior to making use of or disclosing the Personal Information for this new unidentified purpose. The exception to this commitment is a circumstance where consent to the use or disclosure is not legally required.
The Company will keep a record of a new unidentified purpose for which the Personal Information is used or disclosed. You may withdraw consent to the collection, use and disclosure of your Personal Information at any time, subject to legal or contractual restrictions and reasonable notice. You have a number of different options for withdrawing consent:
You can contact the Privacy Officer using the contact information provided at the bottom of this Policy.
You can opt-out of receiving promotional emails by following the "unsubscribe" instructions at the bottom of email marketing communications.
You can usually choose to set your browser to warn you when a cookie is being sent or to remove or reject cookies. Each browser is a little different, so look at your browser help menu to learn the correct way to modify your cookie settings. If you choose to remove or reject cookies, it will affect many features or services on the Company’s Website.
How long is your Personal Information retained and how is it destroyed?
Your Personal Information is retained only as long as necessary to fulfill the purpose for which it was collected. Personal Information that is the subject of a request for access under the PIPEDA shall be retained as long as necessary to allow you time to exhaust all recourse under PIPEDA.
When Personal Information is no longer required, it shall be destroyed, deleted, erased or converted into an anonymous form.
What safeguards does the Company use to protect your Personal Information?
The Company maintains administrative, technical and physical safeguards to protect against the loss, misuse, unauthorized access, or disclosure of Personal Information. The Company takes the following precautions to ensure the security of Personal Information collected, transmitted and stored in paper and electronic form:
Locked filing cabinets
How can you access and correct your Personal Information?
Upon request, the Company will inform you of the existence of Personal Information that it holds about you and the circumstances in which your Personal Information was used including the identity of any third parties to whom it was disclosed.
Subject to limited exceptions and upon request, the Company will provide you with access to your Personal Information. Exceptions to the right of access include but are not limited to circumstances in which it would be prohibitively costly to provide access to the Personal Information, the Personal Information contains references to other individuals, the Personal Information cannot be disclosed for legal, security, or commercial proprietary reasons, and the Personal Information is subject to solicitor-client or litigation privilege.
The Company does its best to ensure the accuracy and completeness of your Personal Information. However, you may request that the Company correct inaccurate or incomplete Personal Information. Where you have demonstrated the Personal Information held about you by the Company is inaccurate and it is able to do so, the Company will make the necessary correction or if the information is located in records received from third parties, appropriately notify the third party of the existence of the inaccuracy.
All requests under this section of the Policy must be made in writing to the Company’s Privacy Officer and must be sufficiently detailed to enable the Company to understand and respond to the request.
The Company will respond to requests under this section of the Policy within thirty (30) days or such shorter time as may be required by law. If the Company is unable to respond within thirty (30) days it will provide a written notice of an extension of the timeline for responding.
Where a request made under this section is refused in full or in part, the Company will notify you in writing and will provide the reasons for refusal. Where your request to correct Personal Information is denied, the Company will maintain a record of the request and denial.
What if you have a complaint?
Concerns or complaints regarding the Company’s compliance with this Policy or with applicable privacy laws should be made in writing to the Privacy Officer.
This Policy is made available on the Company’s website.
Any questions or complaints about this Policy or about the Company’s privacy-related practices may be directed to the Company’s Privacy Officer:
33 Bloor Street East, Suite 404
Toronto ON Canada M4W 3H1
416 855 9944