Privacy Statement

Last update: February 7, 2023

The National Restaurant Association and its affiliates National Restaurant Solutions LLC, National Restaurant Association Educational Foundation, National Registry of Food Safety Professionals,  Multicultural Foodservice and Hospitality Alliance, Restaurant Law Center, and National Restaurant Association Political Action Committee (collectively, the “Association,” “we” or “us”) understands that you care about how we collect, use, and share information when you interact with us through our websites, mobile applications, social media sites and handles, email, events, surveys, and research (our “Services”) and we value the trust you place in us. This Privacy Policy explains:

• the types of information we collect through our Services

• how we use and protect that information

• the types of information we may share with others and under what circumstances

• the choices you have regarding our collection, use, and sharing practices

• details regarding our use of third-party cookies and other tracking technologies

We also include specific disclosures for residents of the European Economic Area and Switzerland as well as Colorado and California.

This Policy applies to the Association and our Services. It also applies anywhere it is linked. It does not apply to non-Association websites and mobile applications that may link to the Services or be linked to from the Services; please review the privacy policies on those websites and applications directly to understand their privacy practices.

Information We Collect

Information you give us: Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This may include:

• Contact and demographic information when registering or using our Services.

• Payment information and associated contact information when engaging in a transaction on our site.

• Appointment bookings you carry out through our site.

• Email address information when subscribing to our email bulletins.

• Any information or data you provide by interacting in our online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services.

• Information you provide when you complete a survey administered by us or a service provider acting on our behalf.

• If you contact us, we may keep a record of that correspondence and any contact information provided.

• In the case of Hire Military! or other job board related Services, information you may submit for possible employment with members or other information you may submit to inquire about or apply for a job with us.

• Information you provide when you apply for a certification or purchase or take a course or an exam.

• Information submitted by or for our members, including employers or franchisors–which may include employees’ business and personal contact details, job titles, and membership details.

Information We Collect Automatically: When you interact with the Services, certain information about your use of our Services is automatically collected. Much of this information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device.  This may include:

• Details of your visits to our site and information generated in the course of the use of our site (including the timing, frequency and pattern of service use) including, but not limited to, traffic data, cookies, location data, weblogs and other communication data, the resources that you access, and how you reached our site.

• Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system and browser type.

• Information about how you interact with our ads and newsletters, including whether you open or click links in any correspondence.

• Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including your account ID or username and other information included in your posts.

Please see below for more information about how our automatic collection of information works.

How We Use and Protect Your Information

We may use the information we collect from you for the following purposes:

• To provide membership services, and to keep our membership contact information up to date.

• To provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, and send service communications.

• To provide you with information for our products and services, or products or services of our commercial partners, that we believe may be of interest to you.

• To communicate exam results, pending expiration dates or other information regarding your certificate, certification or similar status.

• To provide information or other materials relating to an event you are currently or previously registered for, including information regarding speakers, exhibitors, sponsors, or other attendees.

• To enable additional features on our Services and to provide you with a personalized service.

• To create custom audiences on social media sites.

• To provide you with the best service and improve and grow our business, including understanding our customer base and purchasing trends and understanding the effectiveness of our marketing.

• To allow members or potential employers to access and download information posted on Hire Military! or other job board related sites.

• To detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services.

We retain your information in accordance with record retention policies, based on levels of business importance and internal guidance for compliance with auditing and legal requirements.

How We Secure the Information We Collect from or About You
We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services.  While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

Our Sharing of Your Information

• Service Providers: We engage vendors to perform functions on our behalf such as: website hosting, software development, data storage, content management, database management, technical integration, marketing automation, analytics, site optimization, conducting customer surveys, shipping and payment processing and providing other business services.

There are limited circumstances in which the service provider collects data directly from you when their privacy policies may also apply.

• Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies they place on your device and other tracking mechanisms. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and controls they make available to you.

• Third parties involved in advertising: We partner with third parties who assist us in serving advertising regarding the Services to others who may be interested in the Services. We also partner with third parties who use cookies to display interest-based advertising to you on the Services. These third parties may use tracking technologies on our website to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and target ads. While the Association will not share information that identifies you by name with unaffiliated third parties for their own uses, such third parties may, with sufficient data from other sources, be able to personally identify you.

• Corporate Affiliates: We share data with other members of our group of companies, as well as with our State Restaurant Association partners.

• Business Partners: We share data with affiliates or companies with whom we have affinity programs or similar commercial relationships in order to market and provide products, goods or services that may be of interest to you.

• Potential Employers: We may share data posted to Hire Military! with interested potential employers and will have no liability for such third-party use.

• Event Attendees, Sponsors, and Exhibitors: We may share attendees’ information with sponsors and exhibitors for that event or similar events or may be used to provide invitations for other events conducted by us. Exhibitors’ information may be shared with Sponsors of such events or for invitation to exhibit at other events we conduct.

• Grant Funders: We may share your information due to requirements we have under certain private grants awarded to the Association or the Foundation.

• Employers: If you access our Services through your employer, we may share your name, email address, course information, and other information regarding your use of the Services with your employer.

Additional Information About our Data Collection and Sharing Practices

Sharing of Aggregated Data: We may analyze aggregated, de-identified data and share these analyses at our discretion, including with marketing agencies, media agencies, and analytics providers. These third parties will not be able to relate this data to identifiable individuals.

Combination of Information: We may combine information from the Services together and with other information we obtain from our business records. Additionally, information collected about you from a particular browser or device may be linked to information collected from another computer or device that we believe relates to you.

Personal Data Collected from You About Others: If you decide to invite others to the site, we will collect your and the other person’s names, e-mail addresses, and/or phone numbers in order to send an e-mail or text message and follow up with the other person. You hereby agree that you will obtain the other person’s consent to this before giving us their personal data. You hereby agree not to send us the contact details of any legal minor.

Change of Ownership or Corporate Organization: We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this policy.

Cross-border Transfer of Data: If you use our Services outside of the United States, you understand that we may collect, process, and store your personal information in the United States and other countries.  The laws in the U.S. regarding personal information may be different from the laws of your state or country.  Any such transfers will comply with safeguards as required by relevant law.  By using the Services, you consent to the collection, international transfer, storage, and processing of your data.

Your Options and Rights

Please visit the login page on any Association website to update your contact information and payment method.

If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email bulletin, or email us at Privacy@restaurant.org and we will promptly remove you from all correspondence.

Your Colorado Privacy Rights

Effective July 1, 2023, residents of the State of Colorado have the right to request Personal Data (described below) from the Association, as described in more detail in this Section of the Privacy Policy.  If you are a Colorado resident and would like to see the categories of Personal Data that we collect or sell, please see our Notice of Colorado Consumer Data Collection and Sharing Practices.   If you are a Colorado resident and would like to make such a request to access your Personal Data, correct your Personal Data, delete your Personal Data, or request that we do not sell your Personal Data or use it for targeted advertising or certain kinds of profiling, please visit our Privacy Request webpage, email Privacy@restaurant.org, write to or call us at:

Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122

If you would like to appeal any decision we make not to comply with your request (in whole or in part), please respond to the email you received from Privacy@restaurant.org notifying you of our decision, or write to us or call us at the above address within sixty (60) days of your receipt of our response.

Special Information for Colorado Residents

The Colorado Privacy Act (“CPA”) provides Colorado residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Data,” as well as rights to access and control Personal Data. The CPA defines “Personal Data” to mean “information that is linked or reasonably linkable to an identified or identifiable individual.” Certain information we collect may be exempt from the CPA because it is de-identified, considered public information (i.e., it is made available by a government entity), covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act, or otherwise excluded from the definition of Personal Data under the CPA.

From time to time in this section of the Privacy Policy, we may refer to the “processing” or Personal Data.  “Process” or “Processing” means collecting, using, selling, storing, analyzing, deleting, or modifying Personal Data.

To the extent that we collect Personal Data that is subject to the CPA, that information, our practices, and your rights are described below.

Right to Information Regarding the Categories of Personal Data Collected, Sold, and Disclosed

You have a right to obtain information about the categories of Personal Data we collect, sell, and disclose.  Please see our Notice of Colorado Consumer Data Collection and Sharing Practices.

Right to Access Information and Right to Data Portability

You have the right to confirm whether we are processing Personal Data collected about you and to access that Personal Data.

When exercising your right to access your Personal Data, you have the right to obtain your Personal Data in a portable format, and (to the extent feasible) a format that is readily usable and allows you to transmit the data to another entity.  You may exercise this right up to two times per calendar year. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request, and we may redact any highly sensitive information (such as driver’s license numbers, social security numbers, or financial account numbers). If we redact any information, we will clearly describe what information we are redacting.

Right to Correction

You have the right to correct inaccuracies in your Personal Data. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request.  We may not have to comply with this request based on the nature of the Personal Data you are asking us to correct or the purposes of processing that Personal Data.  If that is the case, we will explain that to you in our response.

Right to Request Deletion of Personal Data

You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to Information Regarding Participation in Data Sharing for Financial Incentives

We may run promotions from time to time whereby we incentivize a consumer to share certain pieces of information with us; for example, we may offer a one-time discount if consumers sign up for our email marketing list. Participation in these incentives is voluntary, and you may opt out of the data sharing at any time. If we do so, we will disclose the categories of Personal Data that we collect through the program, the categories of third parties to whom we will share the Personal Data received, the value of the program benefits available to you whether or not you opt out of the sale of Personal Data or the processing of Personal Data for targeted advertising, and a list of any benefits that require the sale of Personal Data or processing of Personal Data for targeted advertising at the time such Personal Data is collected.

Right to Opt Out of Targeted Advertising, Sale of Personal Data to Third Parties, and Certain Profiling

You have the right to opt out of any targeted advertising or sale of your Personal Data by the Association to third parties.  You also have the right to opt out of profiling (described below) that is used in furtherance of decisions that result in providing or denying education enrollment or opportunity or employment opportunities. Profiling is the automated processing of your Personal Data to evaluate, analyze or predict things about your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.  We do not engage in any of the profiling described above in furtherance of decisions that result in providing or denying education enrollment or opportunity or employment opportunities. To exercise this right, please visit our Privacy Request webpage. Please note that your right to opt out does not apply to our sharing of Personal Data with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the Personal Data only for that function.

Notice of Colorado Consumer Data Collection and Sharing Practices

The following is a description of our data collection practices, including the Personal Data we collect, the purposes for which we collect information, the categories of Personal Data that we share with third parties and the kinds of third parties we share Personal Data with. We may use any and all of the information for any of the purposes described in this Privacy Policy, unless limitations are listed.

• Personal Identifiers:

  • We may collect your name, phone number, and email address and contact address when you create an account, register for events, or complete a transaction. If you choose to create an account, you may also be asked to create a username, and we may assign one or more unique identifiers to your profile.

  • You may provide us with payment information, which may be your credit card number or a bank account, when you complete a transaction or set up a recurring payment.

  • We may collect your Social Security number to verify your identity.

  • We may collect your IP address automatically when you use our Services, and may use it for marketing and sales purposes, as described below.

  • We may collect your Device ID automatically when you use our Services, and may use it for marketing and sales purposes, as described below.

• Protected Classifications: We may collect your age in order to comply with laws that restrict collection and disclosure of personal information belonging to minors. We may collect information about your gender and ethnic origin that you voluntarily disclose with your consent to use in determining preferential qualification for certain scholarships or in compliance with certain governmental requirements under federal grants.

• Commercial Information: When you engage in transactions with us, we may create records of goods or services purchased or considered, as well as purchasing or consuming histories or tendencies for financial recordkeeping purposes and marketing purposes.

• Biometric Information: We may collect information about your physiological, biological, and behavioral characteristics.

• Internet or Other Electronic Network Activity Information: We may collect information about your browsing history, search history, information regarding your interaction with websites, and applications or advertisements automatically when you utilize our Services for marketing purposes.

• Geolocation Data: As described above, we may collect your IP address automatically when you use our Services. We may be able to determine your general location based on the IP address.

• Audio, electronic, visual, thermal, olfactory, or similar information: If you contact us via phone, we may record the call for customer service and quality control purposes. We will notify you if a call is being recorded at the beginning of the call. If you take an examination, we may video record. We may collect your image, thermal, and olfactory similar information for exam security purposes.

• Professional or employment-related information: We may collect information about your current employer and your employment history for marketing purposes.

• Education information: We may collect information about the institutions you have attended and the level of education you have attained for marketing purposes.

• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We may analyze your actual or likely preferences through a series of computer processes for marketing purposes. On some occasions, we may add our observations to your internal profile.

Sensitive Data

Some of the Personal Information we collect falls under the definition of “Sensitive Data” under the CPA. The following is a description of our data collection practices with respect to Sensitive Data, including the Sensitive Data we collect, the sources of that Sensitive Data, the purposes for which we collect Sensitive Data, and whether we disclose that Sensitive Data to external parties.

• Protected Characteristics.  We may collect information about your gender and ethnic origin that you voluntarily disclose with your consent to use in determining preferential qualification for certain scholarships or in compliance with certain governmental requirements under federal grants.

We may share any of the above-listed information with “Service Providers”, which are external parties that we engage for business purposes and are restricted from using Personal Data for any purpose that is not related to our engagement. The categories of Service Providers with whom we share Personal Data and the services they provide are described in this Privacy Policy.

On certain occasions, we also sell certain categories of Personal Data to third parties, which are entities that we are not affiliated with and who are not processing Personal Data on our behalf. To “sell” information means to disclose it to an external party for monetary or other benefit. We may sell the following types of Personal Data:

• Personal Identifiers:

  • We may provide your contact information such as name, phone number, email address and contact address.

  • We may provide commercial information, such as a business’ name and address.

  • We may provide your contact information to directory services providers and public safety authorities.

  • We may provide your IP address and Device ID to our advertising partners, corporate affiliates, and business partners.

  • All personal information may be shared with our corporate affiliates.

We sell this information to third parties in order to allow those entities to provide you with targeting advertising and marketing that may interest you. We may also disclose information to other external parties who are not listed here when required by law or to protect the Association or other persons, as described in this Privacy Policy.

Special Information for California Residents

Residents of the State of California have the right to request information from certain business entities regarding third parties to whom the company has disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes pursuant to the CCPA and CPRA (discussed below).  Due to the Association and its subsidiaries’ and affiliates’ status as tax-exempt, not-for-profit trade associations, public charities, and political action committees, it is our position that we are not subject to either the CCPA or the CPRA.

Because we respect your privacy, we have voluntarily agreed to make certain disclosures available to California residents. If you are a California resident and would like to see the categories of personal information that we collect or sell, please see our Notice of California Consumer Data Collection and Sharing Practices.   If you are a California resident and would like to make such a request to access your personal information, delete your personal information, request that we do not sell or share your information, or request that we limit the use of your sensitive personal information to those purposes authorized by the CPRA, please visit our Privacy Request webpage, email Privacy@restaurant.org, write to or call us at:

Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CPRA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access and control Personal Information with respect to certain business entities. The CPRA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CPRA because it is considered public information (i.e., it is made available by a government entity) or covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.

To the extent that we collect Personal Information that is subject to the CPRA, that information, our practices, and any rights you may have under the CPRA are described below.

Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed

To the extent that we collect Personal Information that is subject to the CPRA, you may have a right to obtain information about the categories of Personal Information we collect, sell, and disclose.  Please see our Notice of California Consumer Data Collection and Sharing Practices.

Right to Access Information

To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request.

Right to Request Deletion of Information

To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right to Correction

To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to correct inaccuracies in your Personal Information. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request.  We may not have to comply with this request if we determine that the contested information is more likely to be accurate than not, if such a request would conflict with federal or state law, or if compliance would be impossible or involve disproportionate effort, or for other reasons permitted under the CPRA.  If that is the case, we will explain that to you in our response.

Right to Information Regarding Participation in Data Sharing for Financial Incentives

We may run promotions from time to time whereby we incentivize a consumer to share certain pieces of information with us; for example, we may offer a one-time discount if consumers sign up for our email marketing list. Participation in these incentives is voluntary, and you may opt out of the data sharing at any time.

Right to Opt Out of Sale of Personal Information to Third Parties and Targeted Advertising

To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to opt out of any sale of your Personal Information or sharing of your Personal Information for cross-context behavioral (targeted) advertising purposes by the Association to third parties. To exercise this right, please visit our Privacy Request webpage. Please note that your right to opt out does not apply to our sharing of Personal Information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the Personal Information only for that function.

Notice of California Consumer Data Collection and Sharing Practices.

The following is a description of our data collection practices, including the Personal Information we collect, the sources of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any of the purposes described in this Privacy Policy, unless limitations are listed. The categories we use to describe the information are those enumerated in the CPRA.

• Personal Identifiers:

  • We may collect your name, phone number, and email address and contact address when you create an account, register for events, or complete a transaction. If you choose to create an account, you may also be asked to create a username, and we may assign one or more unique identifiers to your profile.

  • You may provide us with payment information, which may be your credit card number or a bank account, when you complete a transaction or set up a recurring payment.

  • We may collect your Social Security number to verify your identity.

  • We may collect your IP address automatically when you use our Services, and may use it for marketing and sales purposes, as described below.

  • We may collect your Device ID automatically when you use our Services, and may use it for marketing and sales purposes, as described below.

• Protected Classifications: We may collect your age in order to comply with laws that restrict collection and disclosure of Personal Information belonging to minors. We may collect information about your gender and ethnic origin that you voluntarily disclose to use in determining preferential qualification for certain scholarships or in compliance with certain governmental requirements under federal grants.

• Commercial Information: When you engage in transactions with us, we may create records of goods or services purchased or considered, as well as purchasing or consuming histories or tendencies for financial recordkeeping purposes and marketing purposes.

• Biometric Information: We may collect information about your physiological, biological, and behavioral characteristics.

• Internet or Other Electronic Network Activity Information: We may collect information about your browsing history, search history, information regarding your interaction with websites, and applications or advertisements automatically when you utilize our Services for marketing purposes.

• Geolocation Data: As described above, we may collect your IP address automatically when you use our Services. We may be able to determine your general location based on the IP address.

• Audio, electronic, visual, thermal, olfactory, or similar information: If you contact us via phone, we may record the call for customer service and quality control purposes. We will notify you if a call is being recorded at the beginning of the call. If you take an examination, we may video record. We may collect your image, thermal, and olfactory similar information for exam security purposes.

• Professional or employment-related information: We may collect information about your current employer and your employment history for marketing purposes.

• Education information: We may collect information about the institutions you have attended and the level of education you have attained for marketing purposes.

• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We may analyze your actual or likely preferences through a series of computer processes for marketing purposes. On some occasions, we may add our observations to your internal profile.

Sensitive Personal Information

Some of the Personal Information we collect falls under the definition of “Sensitive Personal Information” under the CPRA. The following is a description of our data collection practices with respect to Sensitive Personal Information, including the Sensitive Personal Information we collect, the sources of that Sensitive Personal Information, the purposes for which we collect Sensitive Personal Information, and whether we disclose that Sensitive Personal Information to external parties. We may use any and all of the Sensitive Personal Information for any of the purposes described in this Privacy Policy, unless limitations are listed. The categories we use to describe the information are those enumerated in the CPRA.

• Government Identifiers:

  • If you take an examination, we may collect images of your driver’s license, state identification card, or passport to verify your identity. 

  • We may collect your Social Security number to verify your identity.

• Complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password). We may collect this information for security purposes.

• Racial or ethnic origin.  We may collect certain information regarding your race or ethnicity that you disclose to us as part of scholarship or government-funded programs in compliance with the terms of such scholarships or government-funded programs.

Right to Limit Use or Disclosure of Sensitive Personal Information

To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to limit the use or disclosure of your Sensitive Personal Information to just actions to those that:

• help to ensure security and integrity, if the use of your Sensitive Personal Information is reasonably necessary and proportionate to the purpose of ensuring security and integrity;

• are for short-term, transient use, so long as your Sensitive Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience;

• are involved in the performance of services on behalf our business, such as maintaining or servicing accounts, verifying customer information, processing payments, providing financing, providing analytic services, and/or providing storage; and

• are used to undertake activities to verify or maintain the quality or safety of the Services.

We may share any of the above-listed Personal Information with “Service Providers”, which are external parties that we engage for business purposes and are restricted from using Personal Information for any purpose that is not related to our engagement. The categories of Service Providers with whom we share information and the services they provide are described in this Privacy Policy.

On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We may sell the following information:

• Personal Identifiers:

  • We may provide your contact information such as name, phone number, email address and contact address.

  • We may provide commercial information, such as a business’ name and address.

  • We may provide your contact information to directory services providers and public safety authorities.

  • We may provide your IP address and Device ID to our advertising partners, corporate affiliates, and business partners.

  • All Personal Information may be shared with our corporate affiliates.

To our actual knowledge, we do not sell the Personal Information of minors under age 16. We sell this information to third parties in order to allow those entities to provide you with targeting advertising and marketing that may interest you. We may also disclose information to other external parties who are not listed here when required by law or to protect the Association or other persons, as described in this Privacy Policy.

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties who will sell or license their information to others. If you are a Nevada resident and would like to make such a request, please visit our Privacy Request webpage, email Privacy@restaurant.org or write to or call us at:

Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122


Special Information for Students of Academic Institutions (FERPA)

Students using our Services through an educational agency or institution (“School”) may be entitled to certain rights under federal and/or state student privacy laws, such as the Family Educational Rights and Privacy Act (“FERPA”). Under FERPA, these rights include the right to:

• Access and inspect the student’s education records;

• Provide written consent to the disclosure of education records or personally identifiable information; and

• Request the amendment of the student’s education records that the parent or eligible student believes are inaccurate, misleading or in violation of the student’s privacy rights.

As part of our Services to students, you must authorize us to:

• Receive from Schools or collect education records and personally identifiable information as reasonably required to provide the Services;

• Share with Schools, prospective employers or current employers of a student the exam results, certification status and professional training of such student;

• Post accreditation, certification or training results to our public website for access by Schools, employers, educators or others;

• Share or publicly disclose such other education records or personally identifiable information as reasonably required to attest to a student’s certification status or for other purposes relevant to users of the Services; and

• Provide students information regarding additional Services that may advance or enhance the workforce development or career opportunities of students.

Schools that we work with are required to provide students, parents or guardians required notices and obtain required consents for use of the Services as provided above.

If you are a User who is an academic student at an American educational institution (a “Student User”), there are several ways you can give consent for use of the Services.  For Student Users of ServSafe.com, ManageFirst.restaurant.org, Textbooks.restaurant.org or MyProStart.chooserestaurants.org, you can give consent as you create your account, or if you have an existing account that you created on or after March 12, 2022, you can edit your online profile to give consent.  For other Student Users, once you create an account, you must complete and return an Online Student Consent Form before commencing any Services or providing any educational records or private information. Once completed, you must send your Online Student Consent Form to privacy@restaurant.org.

Information for Individuals Located in the European Economic Area and Switzerland

We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Personal information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities, as described above.

Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
If you are a resident of the EEA or Switzerland, you are entitled to certain rights. Please note: In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you. These rights include the ability:

• to request from us access to personal information held about you

• to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;

• to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.

• to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

To submit a request to exercise your rights, please contact us at Privacy@restaurant.org. We may have a reason under the law why we do not have to respond to your request, or respond to it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Changes to This Policy

We may make changes to this Policy from time to time. We will post any changes, and such changes will become effective when they are posted unless otherwise required by law. Your continued use of our Services following the posting of any changes will mean you accept those changes. For questions about our privacy practices, contact us at:

Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122
Email: Privacy@restaurant.org

Additional Information About Our Use of Tracking Technologies and Interest-Based Advertising

The Association relies on partners to provide many features of our sites and services using data about your use of the Association and other sites. We use cookies for the following purposes:

• Site Operations: Enabling features that are necessary for providing you the services on our site, such as identifying you as being signed in, tracking content views remembering your preferences and the number of times you have been shown an advertisement.

• Analytics: Allowing us to understand how our services are being used, track site performance and make improvements

• Personalized Advertising: Delivering tailored advertising based on your preferences or interests across services and devices and measuring the effectiveness of ads

• Social Media: Enabling the sharing of content from our services through social networking and other sites

Below is a list of these partners with links to more information about the use of your data by our service providers and third parties that use tracking devices or cookies.  We have provided links to information about the choices these services may make available to you.
 

Category	Partner	Further Information
Analytics	Google	How Google uses information from sites or apps that use our services
Personalized Advertising and Social Media	Facebook	Data Policy
Personalized Advertising	LinkedIn	Privacy Policy
Personalized Advertising	TradeDesk	TradeDesk Services Privacy Policy
Personalized Advertising	AddThis	Privacy Policy
Site Operations	Hubspot Forms	Privacy Policy

Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the third parties who conduct tracking through our Services.

You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.

Please note that opting-out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms.  If you delete your cookies, you may also delete your opt-out preferences.