Date Last Modified: January 7, 2022
This Privacy Policy (“Policy”) applies to Steak ‘n Shake Enterprises, Inc., its affiliates, subsidiaries, divisions or designees (“SnS” or “Steak ‘n Shake” or “we”). This Policy describes how Steak ‘n Shake collects, shares, uses and safeguards customer personal information we collect anywhere, including our restaurant locations in the United States (excluding Hawaii and U.S. Territories), our websites at www.steaknshake.com, and other websites where we post this Policy (collectively, “Website”), and mobile applications. This Policy will also give you more information about how to manage the personal information that you provide to us. When visiting our Website, this Privacy Policy should be read in conjunction with the Terms of Use located on our Website. By using our Website or mobile applications, you agree to the terms of this Policy. This Policy may change from time to time (see below, “Changes to Policy Policies”). Your continued use of our Website or mobile applications after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
1. The Information We Collect.
When you visit our restaurants, Website and mobile applications, we may receive and collect certain information. The information that we may receive and collect depends on what you do when you visit our restaurants, Website and mobile applications.
The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting the Company to request further information. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services. Additionally, we may ask you to create a username and password that should only be known to you.
• Information You May Actively Submit Through Our Websites.
You may have the opportunity to provide Personal Information on our Website. Personal Information is any information that can be used to individually identify you from a larger group, such as data including, but not limited to, your:
- full name,
- postal address,
- phone number,
- e-mail address,
- date of birth,
- and credit card information.
You can browse our Website and take as much time as you want to review our services without having to submit such Personal Information. In the following instances, however, we do need you to actively submit Personal Information, when:
- you want to contact us via electronic means or website submission;
- you purchase a gift card;
- you utilize online ordering;
- you make purchases from the e-store;
- you enter a contest or sweepstakes or participate in a promotion; or
- you join our customer loyalty programs and/or email lists. E-mail or other forms of electronic communication, including website submission, are not secure and/or confidential means of communication.
• Automatically Collected Information.
Some information is automatically received and sometimes collected from you when you visit our Website. This information may include some or all of the following items: the name of the domain and host from which you access the Internet, including the Internet Protocol (IP) address of the computer you are using and the IP address of your Internet Service Provider; the type and version of Internet browser software you use and your operating system; the date and time you access our Website, the length of your stay and the specific pages, images, video or forms that you access while visiting our Website; the Internet address of the website from which you linked directly to our Website, and if applicable, the search engine that referred you and any search strings or phrases that you entered into the search engine to find our Website; and demographic information concerning the country of origin of your computer and the language(s) used by it.
We use this information to monitor the usage of our Website, assess its performance, ensure technological compatibility with your computer, and understand the relative importance of the information provided on our Website. We may also use this data to conduct statistical analyses on visitors’ usage patterns and other aggregated data.
• Information Collected via Cookies.
“Cookies” are small files or records that are placed on your computer’s hard drive to distinguish you from other visitors to our Website. The use of cookies is a standard practice among websites to collect or track information about your activities while using our Website. A cookie may enable the website owner to track how a visitor navigates through its website and the areas in which they show interest. This is similar to a traffic report: it tracks trends and behaviors, but does not personally identify individuals. Information gathered may include date and time of visits, pages viewed, time spent at the site, and the website visited just before and just after a visit to our Website.
Cookies can be set to expire: (1) on a specified date; (2) after a specific period of time; (3) when a transaction has been completed; or (4) when a user turns off his/her Internet browser. A cookie that is erased from memory when a visitor’s Internet browser closes is called a “session” cookie. Cookies that expire based on a time set by the Web server are called “persistent” cookies.
Our Website may use both “session cookies” and “permanent cookies.” You can choose to have your browser warn you every time a cookie is being sent to you or you can turn off cookie placements. If you refuse cookies, there may be parts of our Website that may not function properly.
• Information Collected Using Pixel Tags or Clear GIFs.
Pixel Tags or Clear GIFs, also known as Web Beacons or Web Bugs, are transparent graphical images placed on a website. We may use these items on our Website.
• Information You May Actively Submit In Our Restaurants.
When visiting our restaurants, we only collect Personal Information in limited situations. The Personal Information that you may provide in our restaurants may include, but is not limited to, your:
- full name,
- postal address,
- phone number, and
- e-mail address.
We may collect Personal Information at our restaurants when:
- you want to fill out customer comment cards;
- you enter a contest or sweepstakes or participate in a promotion; or
- you join our customer loyalty programs and/or email lists.
• Information You May Actively Submit on Our Mobile Applications.
When using our mobile applications, you may submit Personal Information that may include, but is not limited to, your:
- full name,
- postal address,
- email address,
- phone number,
- date of birth, and
- credit card information.
We may collect Personal Information on our mobile applications when:
- you make a payment,
- you register for a rewards account, or
- place an order at one of our restaurants.
2. Security
Steak ‘n Shake takes reasonable steps to help protect Personal Information that we have or control against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. However, we can never promise 100% security, and we cannot ensure against any loss or theft, unauthorized access, alteration, or destruction of data. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.
Because your credit card security is a high priority, we have taken reasonable steps to ensure your payment information is processed confidentially and securely through a trusted third party. We understand if you do not feel comfortable sending your credit card information to us over the Internet and are more than happy to accept your order and payment when you visit us at one of our restaurant locations or via the phone. If you wish to purchase a gift card over the phone, please call us toll free at (800) 547-4253 and indicate that you wish to purchase a gift card without any information being submitted through an Internet website.
3. Personal Information About Children.
Our Website and mobile applications are targeted primarily for use by adults. We do not currently market to or create special areas for use by children, nor do we knowingly collect any personal information from children under the age of 13 years. However, we hereby advise all visitors to our Website and mobile applications under the age of 13 not to disclose or provide any personally identifiable information on our Website or mobile applications. In the event that we discover that a child under the age of 13 has provided personally identifiable information to us, in accordance with the Children’s Online Privacy Protection Act, we will delete the child’s personally identifiable information from our files to the extent technologically possible. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet.
4. E-Mail and Other Communications.
When you send an email to us, or provide your email address to us, you are communicating with us electronically and consent to receive communication from us electronically. We may retain the content of the email, your email address, and our response in order to service your needs. We may use the data that you provide to send you email or correspondence via other means. You may opt out of electronic communications by unsubscribing or changing your preferences at any time.
If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.
We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.
Any such communications you receive from us will be administered in accordance with your preferences and this Policy.
5. How We Use and Share Personal Information.
Our view on using Personal Information is simple. We do not rent or sell your Personal Information. We may use your Personal Information that you actively submit to better assist you when you visit or call us again, prevent malicious activity on our Website and mobile applications, and to send you special offers for our restaurant services that may be of interest to you. We do this by general marketing communications for our services, including by regular mail and e-mail (collectively, “Marketing Communications”). Unless you “opt-out” through opportunities available to you through our Marketing Communications, we may send you Marketing Communications.
You may “opt-out” of future Marketing Communications and subscription-based services by following the instructions provided in Section 7 (Access to and Managing Your Personal Information) of this Policy.
Except where we otherwise obtain your express permission, we share your Information with third parties only under the limited circumstances stated below:
- a. Information may be subject to disclosure for legal reasons, such as in response to a valid court order, subpoena, government investigation or request, or as otherwise required by law.
- b. Information may be disclosed to protect our rights or property, protect our legitimate business interests, to enforce the provisions of this Policy and Terms of Use, and/or to prevent harm to you or others.
- c. Information may be disclosed to carefully selected third-party service providers in order to provide services to you, such as to fulfill gift card orders (U.S. Postal Service, or other delivery companies we or you select); provide customer service; send, email or Marketing Communications; maintain our customer loyalty program and database and other programs; monitor the activity of our Website; conduct surveys; and administer contests or sweepstakes. We will share your Information with our carefully selected third-party services providers on a confidential basis. These service providers are prohibited from using your Information for any purpose other than providing our services.
- d. Information may be disclosed to process credit card transactions. In this case these transactions are handled by established third party banking, processing agents and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process your order. In addition, we may disclose Information to third parties to verify the authenticity of any financial transaction involving our company or its subsidiaries.
- e. Information may be disclosed and transferred if our company or its business is sold or offered for sale to another company or person(s), if a petition for relief under the United States Bankruptcy Laws is filed by or against us, or if we become subject to an order of appointment of a trustee or receiver.
6. Linking to Third-Party Websites.
When you click on links on our Website that take you to third-party websites, you will be subject to the third parties’ privacy policies. While we support the protection of privacy on the Internet, we cannot be responsible for the actions of any third-party websites. We encourage you to read the posted privacy statement of any and every website you visit, whether you are linking from our Website or browsing on your own.
7. Access to and Managing Your Personal Information.
We believe it is important for you to be able to find out what Information you have provided to us through our restaurants, Website and mobile applications, update your Information, and “opt out” of receiving future Marketing Communications and subscription-based services. To inquire about your Information, update your Information, or “opt out” of receiving future Marketing Communications or subscription-based services, please contact us as described in Section 13 (Questions or Comments) below. Please be sure to include your full name, address, phone number and e-mail address and indicate the specific nature of your request. If you want to “opt out” of receiving Marketing Communications or subscription-based services, specify what type of Marketing Communication or subscription-based services (e.g., e-mail or direct mail) you wish to receive or stop receiving. This will ensure we identify you correctly in our systems and accurately process your request. If you send an e-mail or letter request, we will take appropriate steps to implement your request, but due to production, mailing and system timelines, it may take up to: 10 business days for e-mails or 30 calendar days for mail. Until that change takes effect, you may still receive or not receive Marketing Communications from us.
You may also ask us to change your preferences on how we use your Information by taking the following steps:
a. Log on to our online ordering Website to access and change your profile information and preferences if you have an online account with us.
b. Follow “opt-out” instructions in promotional e-mails we send to you.
Also, please note that even though you may have “opted out” of receiving Marketing Communications, you may still receive business-related communications. Business communications include order confirmations or other administrative information. Please be aware that “opting-out” of certain third party use may prevent us from providing certain services that you request.
8. United States Only.
Our Website and mobile applications are designed for use by individuals in the United States only. We do not warrant or represent that this Policy, the Website’s or the mobile applications’ use of your Personal Information complies with the laws of any other jurisdiction. Furthermore, to provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.
9. Your California Rights.
Shine the Light Law. Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.
Do Not Track Signals. Other than as disclosed in this Policy, the Website does not track users over time and across third-party websites to provide targeted advertising. Therefore, the Website does not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.
We do not sell your Personal Information. If we ever decide to sell Personal Information, we will update you via this Policy and include a link entitled “Do Not Sell My Personal Information,” to provide you with an opportunity to opt out of sales of your Personal Information.
If you are a California consumer, as defined by the California Consumer Privacy Act of 2018, you may be afforded additional rights with respect to your “Personal Information” as that term is explicitly defined under California law. Any Personal Information we collect is collected for the commercial purpose of effectively providing our services to you, as well as enabling you to learn more about, and benefit from, our services. You may exercise each of your rights as identified below, subject to our verification of your identity.
Access. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Information over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Prohibit Data Sharing. When applicable, you may prohibit the sharing of your Personal Information. In your request, please explain how you wish us to prohibit the sharing of your Personal Information, and which categories of third parties you want to prohibit from receiving your Personal Information. When such prohibitions are not possible to provide our services to you, we will advise you accordingly. You can then choose to exercise any other rights under this Policy.
Portability. Upon request and when possible, we can provide you with copies of your Personal Information. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy.
Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. Where applicable, we will ensure such changes are shared with trusted third parties.
Non-Discrimination. If a California data subject exercises his or her rights under California law, including the CCPA, we shall not discriminate against that California resident by denying our goods or services, charging different prices or rates to similarly situated consumers, providing a different level or quality of our goods or services, or taking any other adverse action.
Exercising your rights. If you are a California resident who chooses to exercise the rights listed above, you can:
- Submit a request via email at snsprivacy@steaknshake.com; or
- Call us at 317-633-4100 to submit your request.
Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information. If an authorized agent makes a request on your behalf, we may require proof that you gave the agent permission to submit the request.
Responding to Your Request. Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the Personal Information. In some instances, such as a request to delete Personal Information, we may first separately confirm that you would like for us to in fact delete your Personal Information before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
10. What You Need to Do to Protect Your Information.
You have several options when deciding how you can best protect your Personal Information. One option is simply not to volunteer it. As stated above, this approach would allow you to still visit our restaurants, Website and mobile applications – although it will prevent you, for example, from ordering gift cards on-line, providing us with your comments or questions relating to our restaurants, or utilizing online ordering and reservations. The Federal Trade Commission’s website, www.ftc.gov, also offers useful information about how to protect personally identifiable information provided to a website.
11. What to Do About Suspected Violations of This Privacy Statement.
If at any time you believe we have not adhered to the policies and principles set forth in this Policy, please notify us using the contact information in Section 13 (Questions or Comments) below. We will make all commercially reasonable efforts to promptly respond to your concerns.
12. Changes to Privacy Policies.
Our Policy is subject to change from time to time, so we suggest that you review the current Policy at the start of each visit to our Website. Unless we clearly express otherwise, we will use Information in accordance with this Policy under which the Information was collected. YOU ARE HEREBY ADVISED THAT YOUR CONTINUED USE OF OUR WEBSITE CONSTITUTES YOUR ACCEPTANCE OF ANY AMENDMENTS TO AND THE MOST RECENT VERSION OF THIS POLICY.
13. Questions or Comments.
If you have any questions or comments concerning our Privacy Policy, please contact us:
a. Contact us at snsprivacy@steaknshake.com
b. Send a request in writing with your current contact information to:
Steak n Shake Enterprises, Inc.
Attn: Chief Legal Officer
107 S Pennsylvania Street
Suite 400
Indianapolis IN 46204