Last update: April 19, 2024
The National Restaurant Association and its affiliates National Restaurant Association Solutions, LLC, National Restaurant Association Educational Foundation, National Registry of Food Safety Professionals, Multicultural Foodservice and Hospitality Alliance, Restaurant Law Center, and National Restaurant Association Political Action Committee (collectively, the “Association,” “we” or “us”) understands that you care about how we collect, use, and share information when you interact with us through our websites, mobile applications, social media sites and handles, email, events, surveys, and research (our “Services”) and we value the trust you place in us. This Privacy Policy explains:
We also include specific disclosures for residents of the European Economic Area and Switzerland as well as Colorado and California.
This Policy applies to the Association and our Services. It also applies anywhere it is linked. It does not apply to non-Association websites and mobile applications that may link to the Services or be linked to from the Services; please review the privacy policies on those websites and applications directly to understand their privacy practices.
Information We Collect
Information you give us: Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This may include:
Information We Collect Automatically: When you interact with the Services, certain information about your use of our Services is automatically collected. Much of this information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. This may include:
Please see below for more information about how our automatic collection of information works.
How We Use and Protect Your Information
We may use the information we collect from you for the following purposes:
We retain your information in accordance with record retention policies, based on levels of business importance and internal guidance for compliance with auditing and legal requirements.
How We Secure the Information We Collect from or About You
We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.
Our Sharing of Your Information
There are limited circumstances in which the service provider collects data directly from you when their privacy policies may also apply.
Additional Information About our Data Collection and Sharing Practices
Sharing of Aggregated Data: We may analyze aggregated, de-identified data and share these analyses at our discretion, including with marketing agencies, media agencies, and analytics providers. These third parties will not be able to relate this data to identifiable individuals.
Combination of Information: We may combine information from the Services together and with other information we obtain from our business records. Additionally, information collected about you from a particular browser or device may be linked to information collected from another computer or device that we believe relates to you.
Personal Data Collected from You About Others: If you decide to invite others to the site, we will collect your and the other person’s names, e-mail addresses, and/or phone numbers in order to send an e-mail or text message and follow up with the other person. You hereby agree that you will obtain the other person’s consent to this before giving us their personal data. You hereby agree not to send us the contact details of any legal minor.
Change of Ownership or Corporate Organization: We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this policy.
Cross-border Transfer of Data: If you use our Services outside of the United States, you understand that we may collect, process, and store your personal information in the United States and other countries. The laws in the U.S. regarding personal information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.
Your Options and Rights
Please visit the login page on any Association website to update your contact information and payment method.
If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email bulletin, or email us at Privacy@restaurant.org and we will promptly remove you from all correspondence.
Your Colorado Privacy Rights
Effective July 1, 2023, residents of the State of Colorado have the right to request Personal Data (described below) from the Association, as described in more detail in this Section of the Privacy Policy. If you are a Colorado resident and would like to see the categories of Personal Data that we collect or sell, please see our Notice of Colorado Consumer Data Collection and Sharing Practices. If you are a Colorado resident and would like to make such a request to access your Personal Data, correct your Personal Data, delete your Personal Data, or request that we do not sell your Personal Data or use it for targeted advertising or certain kinds of profiling, please visit our Privacy Request webpage, email Privacy@restaurant.org, write to or call us at:
Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122
If you would like to appeal any decision we make not to comply with your request (in whole or in part), please respond to the email you received from Privacy@restaurant.org notifying you of our decision, or write to us or call us at the above address within sixty (60) days of your receipt of our response.
Special Information for Colorado Residents
The Colorado Privacy Act (“CPA”) provides Colorado residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Data,” as well as rights to access and control Personal Data. The CPA defines “Personal Data” to mean “information that is linked or reasonably linkable to an identified or identifiable individual.” Certain information we collect may be exempt from the CPA because it is de-identified, considered public information (i.e., it is made available by a government entity), covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act, or otherwise excluded from the definition of Personal Data under the CPA.
From time to time in this section of the Privacy Policy, we may refer to the “processing” or Personal Data. “Process” or “Processing” means collecting, using, selling, storing, analyzing, deleting, or modifying Personal Data.
To the extent that we collect Personal Data that is subject to the CPA, that information, our practices, and your rights are described below.
Right to Information Regarding the Categories of Personal Data Collected, Sold, and Disclosed
You have a right to obtain information about the categories of Personal Data we collect, sell, and disclose. Please see our Notice of Colorado Consumer Data Collection and Sharing Practices.
Right to Access Information and Right to Data Portability
You have the right to confirm whether we are processing Personal Data collected about you and to access that Personal Data.
When exercising your right to access your Personal Data, you have the right to obtain your Personal Data in a portable format, and (to the extent feasible) a format that is readily usable and allows you to transmit the data to another entity. You may exercise this right up to two times per calendar year. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request, and we may redact any highly sensitive information (such as driver’s license numbers, social security numbers, or financial account numbers). If we redact any information, we will clearly describe what information we are redacting.
Right to Correction
You have the right to correct inaccuracies in your Personal Data. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request. We may not have to comply with this request based on the nature of the Personal Data you are asking us to correct or the purposes of processing that Personal Data. If that is the case, we will explain that to you in our response.
Right to Request Deletion of Personal Data
You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. To protect our customers’ Personal Data, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Information Regarding Participation in Data Sharing for Financial Incentives
We may run promotions from time to time whereby we incentivize a consumer to share certain pieces of information with us; for example, we may offer a one-time discount if consumers sign up for our email marketing list. Participation in these incentives is voluntary, and you may opt out of the data sharing at any time. If we do so, we will disclose the categories of Personal Data that we collect through the program, the categories of third parties to whom we will share the Personal Data received, the value of the program benefits available to you whether or not you opt out of the sale of Personal Data or the processing of Personal Data for targeted advertising, and a list of any benefits that require the sale of Personal Data or processing of Personal Data for targeted advertising at the time such Personal Data is collected.
Right to Opt Out of Targeted Advertising, Sale of Personal Data to Third Parties, and Certain Profiling
You have the right to opt out of any targeted advertising or sale of your Personal Data by the Association to third parties. You also have the right to opt out of profiling (described below) that is used in furtherance of decisions that result in providing or denying education enrollment or opportunity or employment opportunities. Profiling is the automated processing of your Personal Data to evaluate, analyze or predict things about your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not engage in any of the profiling described above in furtherance of decisions that result in providing or denying education enrollment or opportunity or employment opportunities. To exercise this right, please visit our Privacy Request webpage. Please note that your right to opt out does not apply to our sharing of Personal Data with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the Personal Data only for that function.
Notice of Colorado Consumer Data Collection and Sharing Practices
The following is a description of our data collection practices, including the Personal Data we collect, the purposes for which we collect information, the categories of Personal Data that we share with third parties and the kinds of third parties we share Personal Data with. We may use any and all of the information for any of the purposes described in this Privacy Policy, unless limitations are listed.
Sensitive Data
Some of the Personal Information we collect falls under the definition of “Sensitive Data” under the CPA. The following is a description of our data collection practices with respect to Sensitive Data, including the Sensitive Data we collect, the sources of that Sensitive Data, the purposes for which we collect Sensitive Data, and whether we disclose that Sensitive Data to external parties.
We may share any of the above-listed information with “Service Providers”, which are external parties that we engage for business purposes and are restricted from using Personal Data for any purpose that is not related to our engagement. The categories of Service Providers with whom we share Personal Data and the services they provide are described in this Privacy Policy.
On certain occasions, we also sell certain categories of Personal Data to third parties, which are entities that we are not affiliated with and who are not processing Personal Data on our behalf. To “sell” information means to disclose it to an external party for monetary or other benefit. We may sell the following types of Personal Data:
We sell this information to third parties in order to allow those entities to provide you with targeting advertising and marketing that may interest you. We may also disclose information to other external parties who are not listed here when required by law or to protect the Association or other persons, as described in this Privacy Policy.
Special Information for California Residents
Residents of the State of California have the right to request information from certain business entities regarding third parties to whom the company has disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes pursuant to the CCPA and CPRA (discussed below). Due to the Association and its subsidiaries’ and affiliates’ status as tax-exempt, not-for-profit trade associations, public charities, and political action committees, it is our position that we are not subject to either the CCPA or the CPRA.
Because we respect your privacy, we have voluntarily agreed to make certain disclosures available to California residents. If you are a California resident and would like to see the categories of personal information that we collect or sell, please see our Notice of California Consumer Data Collection and Sharing Practices. If you are a California resident and would like to make such a request to access your personal information, delete your personal information, request that we do not sell or share your information, or request that we limit the use of your sensitive personal information to those purposes authorized by the CPRA, please visit our Privacy Request webpage, email Privacy@restaurant.org, write to or call us at:
Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122
The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CPRA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access and control Personal Information with respect to certain business entities. The CPRA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CPRA because it is considered public information (i.e., it is made available by a government entity) or covered by a federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
To the extent that we collect Personal Information that is subject to the CPRA, that information, our practices, and any rights you may have under the CPRA are described below.
Right to Information Regarding the Categories of Personal Information Collected, Sold, and Disclosed
To the extent that we collect Personal Information that is subject to the CPRA, you may have a right to obtain information about the categories of Personal Information we collect, sell, and disclose. Please see our Notice of California Consumer Data Collection and Sharing Practices.
Right to Access Information
To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request.
Right to Request Deletion of Information
To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Correction
To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to correct inaccuracies in your Personal Information. To protect our customers’ Personal Information, we are required to verify your identity before we can act on your request. We may not have to comply with this request if we determine that the contested information is more likely to be accurate than not, if such a request would conflict with federal or state law, or if compliance would be impossible or involve disproportionate effort, or for other reasons permitted under the CPRA. If that is the case, we will explain that to you in our response.
Right to Information Regarding Participation in Data Sharing for Financial Incentives
We may run promotions from time to time whereby we incentivize a consumer to share certain pieces of information with us; for example, we may offer a one-time discount if consumers sign up for our email marketing list. Participation in these incentives is voluntary, and you may opt out of the data sharing at any time.
Right to Opt Out of Sale of Personal Information to Third Parties and Targeted Advertising
To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to opt out of any sale of your Personal Information or sharing of your Personal Information for cross-context behavioral (targeted) advertising purposes by the Association to third parties. To exercise this right, please visit our Privacy Request webpage. Please note that your right to opt out does not apply to our sharing of Personal Information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the Personal Information only for that function.
Notice of California Consumer Data Collection and Sharing Practices.
The following is a description of our data collection practices, including the Personal Information we collect, the sources of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any of the purposes described in this Privacy Policy, unless limitations are listed. The categories we use to describe the information are those enumerated in the CPRA.
Sensitive Personal Information
Some of the Personal Information we collect falls under the definition of “Sensitive Personal Information” under the CPRA. The following is a description of our data collection practices with respect to Sensitive Personal Information, including the Sensitive Personal Information we collect, the sources of that Sensitive Personal Information, the purposes for which we collect Sensitive Personal Information, and whether we disclose that Sensitive Personal Information to external parties. We may use any and all of the Sensitive Personal Information for any of the purposes described in this Privacy Policy, unless limitations are listed. The categories we use to describe the information are those enumerated in the CPRA.
Right to Limit Use or Disclosure of Sensitive Personal Information
To the extent that we collect Personal Information that is subject to the CPRA, you may have the right to limit the use or disclosure of your Sensitive Personal Information to just actions to those that:
We may share any of the above-listed Personal Information with “Service Providers”, which are external parties that we engage for business purposes and are restricted from using Personal Information for any purpose that is not related to our engagement. The categories of Service Providers with whom we share information and the services they provide are described in this Privacy Policy.
On certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. To “sell” information means to disclose it to an external party for monetary or other benefit. We may sell the following information:
To our actual knowledge, we do not sell the Personal Information of minors under age 16. We sell this information to third parties in order to allow those entities to provide you with targeting advertising and marketing that may interest you. We may also disclose information to other external parties who are not listed here when required by law or to protect the Association or other persons, as described in this Privacy Policy.
Special Information for Nevada Residents
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties who will sell or license their information to others. If you are a Nevada resident and would like to make such a request, please visit our Privacy Request webpage, email Privacy@restaurant.org or write to or call us at:
Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122
Special Information for Students of Academic Institutions (FERPA)
Students using our Services through an educational agency or institution (“School”) may be entitled to certain rights under federal and/or state student privacy laws, such as the Family Educational Rights and Privacy Act (“FERPA”). Under FERPA, these rights include the right to:
As part of our Services to students, you must authorize us to:
Schools that we work with are required to provide students, parents or guardians required notices and obtain required consents for use of the Services as provided above.
If you are a User who is an academic student at an American educational institution (a “Student User”), there are several ways you can give consent for use of the Services. For Student Users of ServSafe.com, ManageFirst.restaurant.org, Textbooks.restaurant.org or MyProStart.chooserestaurants.org, you can give consent as you create your account, or if you have an existing account that you created on or after March 12, 2022, you can edit your online profile to give consent. For other Student Users, once you create an account, you must complete and return an Online Student Consent Form before commencing any Services or providing any educational records or private information. Once completed, you must send your Online Student Consent Form to privacy@restaurant.org.
Information for Individuals Located in the European Economic Area and Switzerland
We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Personal information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities, as described above.
Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
If you are a resident of the EEA or Switzerland, you are entitled to certain rights. Please note: In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you. These rights include the ability:
To submit a request to exercise your rights, please contact us at Privacy@restaurant.org. We may have a reason under the law why we do not have to respond to your request, or respond to it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Changes to This Policy
We may make changes to this Policy from time to time. We will post any changes, and such changes will become effective when they are posted unless otherwise required by law. Your continued use of our Services following the posting of any changes will mean you accept those changes. For questions about our privacy practices, contact us at:
Director of Security
National Restaurant Association
233 South Wacker Drive
Chicago, IL 60606
1-800-765-2122
Email: Privacy@restaurant.org
Additional Information About Our Use of Tracking Technologies and Interest-Based Advertising
The Association relies on partners to provide many features of our sites and services using data about your use of the Association and other sites. We use cookies for the following purposes:
Below is a list of these partners with links to more information about the use of your data by our service providers and third parties that use tracking devices or cookies. We have provided links to information about the choices these services may make available to you.
Category | Partner | Further Information |
Analytics | How Google uses information from sites or apps that use our services | |
Personalized Advertising and Social Media | Data Policy | |
Personalized Advertising | Privacy Policy | |
Personalized Advertising | TradeDesk | TradeDesk Services Privacy Policy |
Personalized Advertising | AddThis | Privacy Policy |
Site Operations | Hubspot Forms | Privacy Policy |
Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the third parties who conduct tracking through our Services.
You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.
Please note that opting-out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.