PAPA JOHN’S PRIVACY NOTICE

    Protecting our customers’ privacy is very important to us. This Privacy Notice outlines how we handle information that can be used to directly or indirectly identify an individual ("Personal Data"). We have created this Privacy Notice to demonstrate our firm commitment to protect our customers’ data and their privacy.

  1. GENERAL INFORMATION

    1.1. What is the GDPR? The European General Data Protection Regulation (the "GDPR") was created to protect the data of European Union residents. We aim to comply with the principles set out in the General Data Protection Regulation, which are that an individual’s personal data must:

    • Be processed fairly and lawfully;
    • Be obtained only for specific, lawful purposes;
    • Be adequate, relevant and not excessive for the purpose it was obtained;
    • Be accurate and kept up to date;
    • Not be retained for longer than necessary; and
    • Be protected and processed in accordance with the data subject’s rights.

    1.2. What are my rights as a data subject? At any point while Papa John’s is in possession of or processing your personal data, you, the data subject, have the following rights:

    • Right of access – you have the right to request a copy of the information that we hold about you.
    • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
    • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
    • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
    • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
    • Right to object – you have the right to object to certain types of processing such as direct marketing.
    • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

    1.3. When does this Privacy Notice apply? This Privacy Notice applies to Personal Data that you provide to Papa John’s or which is derived from other means as outlined below.

    1.4. Who is the ‘Data Controller’ of my Data? The data controller of papajohns.com is Papa John’s International, Inc., 2002 Papa John’s Boulevard, Louisville, Kentucky 40241, United States of America. Where a registration form is presented on this website, the name of the Papa John’s company may vary depending on the actual offering or the purpose of the data collection. Papa John’s may employ third-parties to process your data, but only at the direction of Papa John’s. The contact for Papa John’s is the New International Business Development Manager. Please refer to Section 4 below for more information.

    1.5. Use of this website by children. This website is not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use this website.

    1.6. Links to other websites. If Papa John’s provides links to other services, we are not responsible for the content or privacy practices of these services.

    1.7. Updates. Papa John's reserves the right to modify, alter or otherwise update this Privacy Notice at any time and you are therefore encouraged to review it from time to time.

    1.8. Terms and Conditions. Our general Terms and Conditions can be viewed here.

  2. HOW DOES PAPA JOHN’S USE MY DATA?

    2.1. How long will Papa John’s process and use my data? Where Papa John’s is processing and using your Personal Data as permitted by law, Papa John’s will store your Personal Data (i) only for as long as is required to fulfil the purposes set out below or (ii) where Papa John’s has a legitimate interest in using your Personal Data until you object to Papa John’s use of your Personal Data, or (iii) where you consented to Papa John’s using your Personal Data, until you withdraw your consent. However, where Papa John’s is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for Papa John’s to assert or defend against legal claims, Papa John’s will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.

    2.2. Why am I required to provide Personal Data? There are circumstances in which Papa John’s cannot take action without certain Personal Data, for example because this Personal Data is required to process your application. In these cases, it will unfortunately not be possible for Papa John’s to provide you with what you request without the relevant Personal Data.

    2.3. Where will my Personal Data be processed? As part of a global group of companies, Papa John’s has affiliates and third-party service providers within and outside of the European Economic Area (the “EEA”). As a consequence, whenever Papa John’s is processing your Personal Data for the purposes set out in this Privacy Notice, Papa John’s may transfer your Personal Data to countries outside of the EEA including to such countries in which a statutory level of data protection applies that is not comparable to the level of data protection within the EEA. Whenever such transfer occurs, it is based on the Standard Contractual Clauses (according to EU Commission Decision 87/2010/EC or any future replacement) in order to contractually provide that your Personal Data is subject to a level of data protection that applies within the EEA.

    2.4. How secure will my Personal Data be? Papa John’s understands that the internet is not a secure medium and therefore we have implemented security measures to protect the loss, misuse or alteration of Personal Data placed under our control. All data gathered as a result of your website visit or a visit to one of our stores will be treated as confidential and will not be divulged to anyone outside of Papa John’s or one of Papa John’s agents without informing you.

    2.5. How can I see what Personal Data Papa John processes? You can request from Papa John’s at any time information about which Personal Data Papa John’s processes about you and the correction or deletion of such Personal Data. Please note, however, that Papa John’s can delete your Personal Data only if there is no statutory obligation or prevailing right of Papa John’s to retain it.

    You may request from Papa John’s a copy of the Personal Data that you have provided to us. In this case, please follow the link set out in Section 4 below and specify the information or processing activities to which your request relates, the format in which you would like this information, and where the Personal Data is to be sent to you. We will carefully consider how best to meet it. We may contact you to discuss this if it is not straightforward. You may be asked for ID to confirm your identity.

    Furthermore, you can request from Papa John’s that we restrict your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data we have about you is incorrect, (but only for as long as Papa John’s requires to check or correct the accuracy of the relevant Personal Data), (ii) there is no legal basis for us to process your Personal Data and you require that Papa John’s restricts your Personal Data from further processing, (iii) or when you object to the processing of your Personal Data by Papa John’s (based on Papa John’s legitimate interest) for as long as it is required to review as to whether Papa John’s has a prevailing interest or legal obligation in processing your Personal Data.

    Please follow the link set out in Section 4 below to direct any such request.

    2.6. How do I lodge a complaint? If you believe that Papa John’s is not processing your Personal Data in accordance with the requirements set out here or applicable data protection laws applicable within the European Economic Area (EEA), you can at any time lodge a complaint with the data protection authority of the EEA country in which you live or with the data protection authority of the country or state in which Papa John’s is located in the EEA.

    You may also contact us using the information in Section 4.

  3. PAPA JOHN’S MAY PROCESS YOUR PERSONAL DATA BASED ON CONTRACT.

    If you submit your Personal Data to begin a franchise application process, we will use the Personal Data to determine if you are a viable applicant to enter into a contract with Papa John’s. As you continue in the franchise applicant process, Papa John’s may request further information such as your name, email address, home address, telephone numbers, birth date, financial history, and government identification numbers. Papa John’s may use this information to conduct background checks with third party vendors or to discuss you with references that you provide. Papa John’s may also attempt to verify the information you provide to us. We may use your email address, home address, telephone number to contact you regarding your application and your status within the application process.

    All of this Personal Information and its processing is necessary for the purpose of determining whether Papa John’s intends to enter into a franchise or development contract with you. If you do not wish Papa John’s to use or process this information, then you will revoke your application.

    If you or Papa John’s determines you are no longer a viable applicant, Papa John’s will delete your Personal Information. As long as you are an active applicant or franchisee, Papa John’s will retain your Personal Information; once you are no longer a Papa John’s franchisee, Papa John’s will retain your Personal Data until the end of the relevant legal retention period or until any claims in question between you and Papa John’s have been settled.

  4. CONTACT US & MANAGE YOUR PERSONAL DATA

    To manage your Personal Data, including:

    • requesting access to your Personal Data;
    • requesting deletion of your Personal Data;
    • requesting correction of your Personal Data;
    • requesting restriction of processing of your Personal Data;
    • opting-out of marketing communications; or
    • providing consent for certain processing of your Personal Data

    please send an email to erin_snyder@papajohns.com

    Papa John’s will respond to your request within 30 days. We may contact you or require additional information to understand your request or to verify your identity.

    You may also contact Papa John’s with concerns relating to the use of your Personal Data by contacting:

    Erin Snyder
    New International Business Development Manager
    erin_snyder@papajohns.com
    2002 Papa Johns Blvd Louisville, KY 40299 USA
    1(502)-261-7272