Privacy POLICY
Privacy Policy Highlights
TIM HORTONS® Privacy Policy describes the information we collect and how it is used and shared. This policy applies to any information collected about you by Tim Hortons when you do any of the following (collectively, the “Services”): (i) visit a Tim Hortons store, or (ii) use in the GCC the website, mobile or tablet application, digital in-restaurant kiosk, or other online service This summary provides the highlights of our policy.
When you make a purchase on one of our store or via our app, we collect various types of information about our users in connection with the Services, including:
- Information you provide to us;
- Information we collect about your use of our Services;
- Information about your use of the Services; and
- Information we obtain from third-party sources.
We also may collect information in ways that we describe to you at the point of collection or otherwise with your consent.
When you purchase an item online via our website or our app, we collect your name and – in case you are a small business – your company name, full postal and/or separate billing address, e-mail address, ordered and returned products, delivery information and invoice information. We will also collect data on your usage vouchers and/or gift cards. Furthermore, you may choose to provide us with your date of birth and telephone number. We do not collect information related to the payment instrument that you use, e.g. credit card information. This information is processed solely by our payment service provider and by the providers of the payment instruments subject to strict information security assurances.
During the purchasing process, you have the option to set up a personal Tim Hortons account. If you choose to do so, we will ask you to consent to receiving newsletters and other (electronic) communications via post, e-mail and/or SMS. You can log-on to your account through your Facebook, Google+, Instagram and other social media accounts. If you choose to make use of this functionality, we will collect basic profile information from your social media account, including name and e-mail address. Please note that the social media provider through which you are signing in to your Tim Hortons account will be notified on your access to the account. The processing of such access information is subject to the privacy notice of the respective social media provider(s).
Account holders are offered the option to enroll in our loyalty program. In case that you enroll, you will receive a personal account number. Upon your enrolment we will collect your profile information, your offline & online purchase history (in the store, based in your personal account number), the contents of your online wish list and the e-mail addresses of your friends if you would choose to provide us with those, for instance in connection with a tell a friend promotion. When you insert the e-mail address of a friend we will store that in your account.
When you visit our website or use our app
When you visit one of our websites or use our app we will drop cookies, pixels and other digital tools with similar functionality on your device that enable us to monitor your behaviour. These cookies channel back data to our data analytics tools. Depending on whether you are visiting our website or use the app, we can trace from which marketing channel you originated (e.g. Google AdWords, e-mail newsletter), what pages you viewed, which products you have added to your cart and which ones you bought. We also receive information on how you use and interact with the site as well as on the amount of time that you spend on it. The server of our website also collects basic information that relates to the request that is made from your browser when you visit the site. This data may include information on your last visit date and time, timestamp of the browser request, your IP address, basic HTTP header information (like referral URL and user agent) and previous URL that was requested by your browser. Our use of cookies, pixels and other digital tools with similar functionality, is described in more detail in our cookie notice which can be found here.
When you visit a store
In our store, depending on whether you are a consumer or a small business, we collect your company name, personal name, address and other relevant personal details if this is needed to comply by local fiscal and legal requirements. We may need this information to be able to provide you with a refund or a fiscal receipt (VAT receipt). This data is collected via our point of sale terminal in the store. In case you have enrolled in our loyalty program, we will link your in-store purchases to your account when you present us with your (Tim Hortons) loyalty program card details.
If you have downloaded our app we may collect your GPS-data (only if you accept location services) or data that is collected based on your usage of the app (i.e. on the basis of your usage of the bar code scanning functionality of the app). The app may also have Beacon functionality (a beacon sends out signals to nearby smartphones, tablets and other devises, containing a small amount of data). In case you encounter a Beacon in one of our stores and have enabled location sharing and Bluetooth on your mobile device, the signal of the Beacon may trigger specific functionality in your app. The Beacon functionality that we currently use is providing you with push messages (e.g. a local voucher) or we may link the receipt of the Beacon signal by the app to link your visit to the store to your online activity.
In our stores, we may conduct Wi-Fi tracking to monitor visits to our store and in store movement of customers. Wi-Fi tracking is also used to monitor window display conversion, e.g. the number of people that watch the window display of the store go into the store. Wi-Fi tracking makes use of the unique identifier of your device, such as a MAC address. Due to the fact that this kind of data is converted to an alternative format upon receipt, we cannot track you as a unique visitor. If we use Wi-Fi tracking in our store, this will be indicated with a logo in our store or on the window.
When you use our in-store free Wi-Fi (in the stores that offer this option) we collect your MAC address as well as information on your browsing behavior. Free Wi-Fi is only available once your mobile device is registered as being present in our store.
When you opt-in to receive our newsletter or promotional communications or click on a link in an e-mail
We will collect your e-mail address and/or mobile number. In addition, we will retain a history of the e-mail and SMS messages that we sent to you and we will record what you do with these messages.
When you actively communicate on us or our brands on social media
If you actively communicate on us or our brands on social media, we collect a copy of your communication. In order to enable us to do so we contracted a third party for the provisioning of social listening services.
Our Marketing Activites
Based on your on- and offline purchase history and your behaviour on website and app, we will set-up and maintain your personal digital marketing profile. We can also try and infer data regarding you as a person by matching your data profile with customers that have a similar profile.
We use your digital marketing profile and customer look-alike profile to target a similar audience of consumers to make sure that we only show you advertisements that will most likely suit your personal taste. This is called targeted advertising. The more successful we are in targeted advertising, the higher our (prospective) customer satisfaction.
In order to support our targeted advertising we make use of a Data Management Platform, DMP. A DMP is a third party platform that processes data that is derived from your online behavior on our website, apps and the way you react to advertisement to come to insights that can help us create relevant targeted advertising. The platform links data that is derived from your online behavior on our website through an online identifier especially created for the purpose of supporting us for this purpose and to be as relevant as possible. The identifier enables us to individualise your behavior.
Although the DMP profile exists in parallel to your personal digital marketing profile, we do export information from the DMP to your personal digital marketing profile and vice versa. We can furthermore complete and amplify your DMP profile with data from third party DMPs or by adding data from data vendors. For instance, data regarding the weather can be added to the DMP, helping us to show advertisements on items that are appropriate to your local weather. These second and third party data sources change regularly. If you would like to know what data sources we use in the DMP at any given point in time please send a request to the e-mail address indicated at the bottom of this privacy notice.
Targeted advertising achieved by using your data as explained, may result in us showing specific (targeted) advertisements on Facebook, Google properties, online properties of so-called affiliate parties and other online locations. We may also use retargeting to show you a targeted advertisement on a third-party website that is linked to an event on our website or app, for example your failure to complete a specific purchase. Our advertisements may also lead to the addition of your personal data to advertising profiles that third parties maintain about you. Facebook, Google and other online actors can independently register your use of our advertisements.
You can request us to remove your digital marketing profile by sending us an e-mail to the contact e-mail address that is displayed below. Please note that this is only possible if you have a personal account.
For which purposes do we process your personal data?
Your personal data will be processed for the following purposes:
a) To fulfil your orders, this includes answering your queries on the phone, via post, via e-mail or online via chat;
b) To validate whether your personal data is not associated with fraudulent credit card usage or excessive credit card charge backs;
c) To provide effective targeted advertising to you. Effective targeted advertising is advertising optimized to your (inferred) personal preferences. Targeted advertising includes both online advertisements and advertisements in direct marketing communications;
d) If you have opted-in and thus agreed to receive these; send direct marketing messages to you and monitor your interaction with these messages;
e) To further improve the functionality and the responsiveness of our chatbot(s);
f) To perform social listening. Social listening is performed to enable us to have a general view of the opinion of people about us and our brands and to get an idea of relevant online influencers;
g) To administer the membership of our loyalty program;
h) To compose future item collections that meet your requirements and those of other customers;
i) To fulfil our legal obligations, for example our financial bookkeeping obligations;
j) To improve your user experience i.e. provide clear information, guidance to complete purchase etc.;
k) To service personalized content (e.g. product, size recommendations) across Tim Hortons platforms
l) To provide high level of service, so when you contact us we can support you with reference to your interactions with the shop;
m) To enable the technical and functional management of our website and our app (including maintaining information security), for example by identifying parts of the websites that have a low latency;
n) All of the above also applies to small businesses.
What processing grounds do we utilize?
The way we process data is based on four processing grounds: (i) the performance of the purchase agreement between you and us for one or more items, (ii) to perform one or more of our legal obligations, (iii) your consent and (iv) our legitimate interest. These processing grounds may be combined whenever appropriate. When we request your consent, you may withdraw it at any time. The legitimate interests that we pursue is our interest to sell more items to you and make sure that these items are to your liking. For instance, when we validate whether your personal data is not associated with fraudulent credit card use or excessive credit card charge backs, this is because we want to avoid delivering an item to you without receiving the purchase price in return. Also social listening is performed to enable us to have a general view of the opinion of people about us and our brands and to get an idea of relevant online influencers.
If you fail to provide the obligatory data we request from you in the context of a purchase, the consequence of such failure is that the purchase cannot be completed.
Who has access to your personal data?
Your personal data can be accessed by our employees to the extent that this access is required to enable them to perform their work for us. In addition, your personal data can be accessed by our external service providers, including our parent company Tim Hortons or AG Café International Management Ltd or Apparel FZCO provides us with IT services, hosting services, digital advertising services and other services we need to be able to run our business. All third parties that we work with, that have access to your personal date, are subject to data processing agreement(s) that guarantee(s) that this data is exclusively processed for the purposes listed above.
If specifically required, by applicable law we may provide your personal data to regulatory authorities, police, justice department, fiscal authorities and other authorities assigned with investigative powers pursuant to applicable law.
How long do we retain your personal data?
We retain your personal data for the period that you actively interact with us. You are no longer considered to be actively interacting with us if, for a consecutive period of two (2) years, you have not purchased an item from us or have not visited one of our website(s) or used our app. After this two (2) year period we will only retain specific data that needs to be retained pursuant to a legal obligation of ours, e.g. records such as an invoice or a payment record.
In case you’ve opted-in to receive direct marketing communications from us, the data that we need to send you these communications will continued to be used (processed) by us until you opt-out from receiving them.
If you have an account, you can always request that we delete the account and its contents. You can do so by sending an e-mail to the e-mail address listed below.
Your rights
You have the right to access your personal data that we collect and process and may request from us that we rectify or erase personal data or restrict the processing of your personal data or object to the processing. In addition, you have the statutory right to file a complaint with a competent data protection authority.
You can exercise your rights towards us by sending an e-mail to the contact e-mail address listed below. We note that we will only oblige an exercise of rights by customers that have an (Club) account. For other non-registered customers, we are not able to verify your entitlement to the personal data to which your exercise of rights relates to.
If you wish to opt-out from receiving direct marketing communications you can click the opt-out link in the respective message or indicate your opt-out in your account settings.
Our Contact details
Any enquiries can be addressed to hotline: 800-TIMS (8467) or Email: support@timhortonsgcc.com
Privacy Policy (KSA only)
This policy is effective as of September 2024.
Apparel Group and its affiliated brands/ partners (hereafter referred to as ‘Apparel Group’, ‘We’, ‘we’, ‘our’, ‘us’), respects the privacy of its Users (“User,” “your,” or “you”). This Privacy Policy (“Policy”) explains how we collect, process, disclose, and safeguard your data when you use Apparel Group and its affiliated brands/ partners websites, applications (“Platform”).
What Personal Data do we collect?
We collect your personal data relating to your identity, demographics when you use the Platform. Some of the data that we may collect includes but is not limited to data provided to us during sign-up/registering or using our Platform such as name, date of birth, address, contact number, email ID and any such data shared as proof of identity or address.
Some of the sensitive personal data may be collected with your consent, such as your bank account or credit or debit card or other payment instrument information or physiological information (in order to enable use of certain features when opted for, available on the Platform to assist you with your shopping experience) etc. all of the above being in accordance with Personal Data Protection Law, KSA.
Our primary goal in doing so is to provide you with a safe, efficient and customized experience. In general, you can browse the Platform without telling us who you are or revealing any personal data about yourself. Once you give us your personal data, you are not anonymous to us. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide data, by choosing not to use a particular service or feature on the Platform. We may track your buying behavior, preferences, customer call data records, device location, browsing history, URL, IP Address and other data that you choose to provide on our Platform. We use this data to do research on our users’ demographics, interests, and behavior to better understand and serve our users. This data is compiled and analyzed on an aggregated basis.
If you enroll into our loyalty program, surveys or participate in third party loyalty program or surveys offered by us, we will collect your personal data such as name, contact number, email address, communication address, date of birth, gender, PO Box / zip code, lifestyle information and demographic details which is provided by you. Participation in these surveys is voluntary. You may be redirected to third party partner websites/ platforms via our Platform for participating in such loyalty programs or surveys. When such a third-party partner collects your personal data directly from you, you will be governed by their privacy policies. We shall not be responsible for the third-party partner’s privacy practices or the content of their privacy policies, and we request you to read their privacy policies prior to disclosing any data.
If you choose to post messages, photos, gift card message box, or leave feedback/product review or if you use voice commands to shop on the Platform, we will collect that data you provide to us. Furthermore, we may use the images shared by you. Note that such messages posted by you will be in public domain and can be read by others too, please exercise caution while posting such messages, personal details, photos and reviews. We retain this information as necessary to resolve disputes, provide customer support, internal research and troubleshoot issues as permitted by law.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Platform, we may collect such data. While you can browse some sections of our Platform without being a registered member, certain activities (such as placing an order or consuming our online content or services or participating in any event) require registration. We may use your contact data to send you promotional or marketing offers based on your previous orders or preferences.
If you receive an email, notifications/ website links/ a call from a person/association claiming to be from Apparel Group seeking any personal data like debit/credit card PIN, net-banking or mobile banking password, we request you to never provide such data. We at Apparel Group or our affiliate logistics partners do not request you for such data. If you have already revealed such data, report it immediately to an appropriate law enforcement agency.
How do we use your Personal Data?
We use personal data to provide the services you request. To the extent we use your personal data to market to you, we will provide you with the ability to opt out. We use your personal data to assist sellers and business partners in handling and fulfilling orders; enhancing customer experience; to resolve disputes; troubleshoot problems; help promote a safe service; collect money for our product or services; inform you about offers, products, services, and updates; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our terms and conditions; conduct marketing research, analysis and surveys; and as otherwise described to you at the time of collection of data. We will ask for your permission to allow us access to your text messages (SMS), instant messages, contacts in your directory, camera, photo gallery, location and device information: (i) to send commercial communication regarding your orders or other products and services (ii) enhance your experience on the Platform and provide you access to the products and services offered on the Platform by sellers or affiliates. You understand that your access to these products/services may be affected if you do not provide us with your consent.
In our efforts to continually improve our products and services, we collect and analyze demographic and profile data about users’ activity on our Platform. We identify and use your IP address to help diagnose problems with our server, and to administer our Platform. Your IP address is also used to help identify you and to gather broad demographic information. (in accordance with Article 4, Implementing Regulations, KSA)
Who do we share your Personal Data with?
We may share your personal data internally within Apparel Group, our other corporate entities, and affiliates to provide you with access to the Platform. These entities and affiliates may market to you unless you explicitly opt-out. We may disclose personal data to third parties such as prepaid payment instrument issuers, third-party reward programs and other payment opted by you. This disclosure may be required for us to provide you services and products, to comply with our legal obligations, to enforce our user agreement, to facilitate our marketing and advertising activities, to prevent, detect, mitigate, and investigate fraudulent or illegal activities.
We may disclose personal and sensitive personal data to government agencies or other authorized law enforcement agencies if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process.
We may disclose personal data to law enforcement offices, third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to: enforce our Terms or Privacy Policy; respond to claims that an advertisement, posting or other content violates the rights of a third party; or protect the rights, property or personal safety of our users or the general public.
We and our affiliates will share/ sell some or all your personal data with another business should we (or our assets) merge with, or be acquired by that business, or reorganization, restructuring of business. Should such a transaction occur, that other business (or the new combined entity) must follow this Privacy Policy regarding your personal data.
How do we keep your Personal Data secure?
We have implemented reasonable technical and organizational measures to protect the data we collect about you in compliance with our legal privacy and contractual obligations. We also seek appropriate contractual protection from our partners regarding their collection, use or treatment of your data. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using our Platform or providing personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Platform. If we learn of any breach, we may notify you electronically, by posting a notice on our Platform or by mail. (In accordance with Article 20, Personal Data Protection Law, KSA)
How long do we keep your data?
We retain data collected in the context of our Platform for a period of up to 5 Years, unless otherwise required by law or applicable contract.
We may retain the data as per the instructions of our customers or partners who provide such data or as required to fulfil our contractual obligations. In case any information is provided by you in participation of a survey, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
After the applicable retention period, we will only retain and may only use your data: (i) in an aggregated or anonymized format; (ii) to comply with our legal obligations; and (iii) to resolve disputes and enforce agreements. Please note that the use cases stated in this provision will apply as an exception to your data subject or consumer rights related requests. (in accordance with Article 4, Implementing Regulations, KSA)
Choice to Opt-Out
We provide all users with the opportunity to opt out of receiving non-essential (promotional, marketing-related) communications from us. If you do not wish to receive promotional communications from us, please unsubscribe by clicking on the unsubscribe link in the email. (in accordance with Article 28, Implementing Regulations, KSA)
Do we transfer your data outside KSA?
We may share your data with our corporate entities, affiliates, logistic partners (if your order must be shipped outside the KSA borders), marketing channels and other third parties described above who are based in countries outside KSA, subject to any contractual or legal requirements. You agree that all data processed by us may be transferred, processed, and stored anywhere in the world.
While some countries may not have data protection laws that are equivalent to Personal Data Protection Law, KSA, we will take reasonable measures to protect your data in accordance with this Privacy Policy.
Advertisements
We use third-party advertising companies to serve ads when you visit our Platform. These companies may use data (not including your name, address, email address, or telephone number) about your visits to our Platform and other websites. You have an option to opt-out from tracking of personalized advertising using the “opt out of Ads Personalization” settings using your device’s settings application.
Use of Children Data
Use of our Platform is available only to individuals who can form a legally binding contract. We do not knowingly solicit or collect personal data from children under 18. If you have shared any personal data of children under the age of 18 years, you represent that you have the authority to do so and permit us to use the data in accordance with this Privacy Policy, at your sole liability.
Data Deletion and Retention
You have an option to delete your account by visiting your profile on our Platform, this action would result in you losing all information related to your account. You can also write to us at dpo@apparelgroup.com. By deleting your account, you will not be able to access your order history, your preferences, details of any pending orders, exchanges, return or refunds, coupons or benefits from loyalty programs. We may, in the event of any pending grievance, claims, pending shipments or any other service, refuse or delay deletion of the account. Please note that deletion of account will not be retroactive and will be in accordance with the terms of this Privacy Policy and applicable laws.
To access the Platform again you would need to register as a new user. We retain your personal data for a period no longer than is required for the purpose for which it was collected or as required under any applicable law. However, we may retain data related to you if we believe it may be necessary to prevent fraud; to enable us to exercise its legal rights and/or defend against legal claims; or for other legitimate purposes. We may continue to retain your data in anonymized form for analytical and research purposes. (In accordance with Article 18, Personal Data Protection Law, KSA)
Your Rights
You consent and ensure that the personal data you share with us is accurate and, where necessary, kept up to date. You may access, rectify, and update your personal data directly through the functionalities provided on the Platform. You have an option to withdraw your consent by writing to us at dpo@apparelgroup.com. We may verify such requests before addressing them. Your withdrawal of consent may hamper your access to the Platform. You understand that we may take 30 days to address or notify you the reason for delay in addressing your request. (In accordance with Article 3, Implementing Regulations, KSA). We shall take all reasonable steps to address your requests for any amendments to your personal data.
Consent
By visiting our Platform or by providing your data, you consent to the collection, use, storage, disclosure and otherwise processing of your data on the Platform in accordance with this Privacy Policy. If you disclose to us any personal data relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy. You, while providing your personal data over the Platform or any partner platforms, consent to us (including our other corporate entities, affiliates, technology partners, marketing channels, business partners and other third parties) to contact you through SMS, instant messaging apps, call and/or e-mail for the purposes specified in this Privacy Policy. (In accordance with Article 4, Implementing Regulations, KSA and Article 2, Regulation on Data Transfer, KSA))
Changes to this Privacy Policy
Please check our Privacy Policy periodically for changes. We may update this Privacy Policy to reflect changes to our data handling practices. We will alert you to significant changes by placing a notice on our Platform or by email when required by applicable law.
Data Protection Officer
If you have a data subject access request, query, concern, or complaint in relation to collection or usage of your personal data under this Privacy Policy, please contact write to us at dpo@apparelgroup.com.
Customer Support: You can also reach our customer support team to address any of your queries or complaints at customersupport@apparelgroup.com.
