PRIVACY POLICY

Last revised 5th August 2024

This Privacy Policy describes the information that MGCA Cafe MY Sdn. Bhd. (“THMY”) and any of its affiliates (collectively, the “Company”, “we”, “us” or “our”) collect personal data and how it is used and shared. This policy applies to any personal data collected about you by the Company.

THMY has a master franchise agreement with Tim Hortons Asia Pacific Pte. Ltd., an affiliate of Restaurant Brands International Inc. The Services (as defined in the Terms of Service) are independently owned and operated by the Company.

PERSONAL DATA WE COLLECT

We may collect your personal data when you:

  • visit Tim Hortons® restaurants in Malaysia;
  • visit or use www.timhortons.my website and social media accounts;
  • use any website, mobile or tablet application, digital in-restaurant kiosk, or other online service or platform of any company that links or refers to it;
  • purchase or avail any of our products, services, promos, and activities;
  • provide personal data in relation to your inquiries, requests, complaint, or for any other reasons;
  • apply for employment and training;
  • interact with our personnel and representatives through mail, email, phone, or face-to-face meetings; and
  • enter into a contract or any arrangement with us.

We may collect the following personal data but not limited to:

  • Your name, mailing address, contact numbers, email address, and other information necessary and desirable to the transactions or performance of our obligations;
  • Information about your visit and use of our websites, social media accounts, IP addresses, your browsing behaviour within and throughout our digital assets, and session lengths, that are collected by our website analytics tools and cookies that we may place on your computer; and
  • Your social media behaviour when you tag, mention, or post photographs of any development of Tim Hortons® restaurants publicly on any social media account.

HOW WE USE PERSONAL DATA

We collect, use, and disclose your personal data for the following purposes:

Customers

  • provide and manage the products and services you request;
  • operate and manage our stored-value card program (where applicable);
  • communicate with you about our products, services, and promotions;
  • communicate relevant services and advisories including our responses to your queries, requests, and complaints;
  • deliver targeted advertising, promotions, and offers;
  • understand our customers so that we can develop and improve our customer service, promotions, products, and services; and
  • process information for statistical, analytical, and research purposes.

Applicants/Employees

  • evaluate your applications for employment and training; and
  • process for personnel, administrative, and payroll purposes.

Suppliers/Partners

  • process for accreditation; and
  • evaluate fulfilment of obligations under relevant agreements.

All Stakeholders

  • comply with regulatory reporting and recordkeeping; and
  • comply with the requirements of applicable laws.

SHARING OF DATA

We may share your data with:

  • affiliates, franchisor and franchisor’s related companies, including but not limited to Burger King®, Tim Hortons® and Restaurant Brands International®;
  • business partners, service providers, and social media services;
  • companies that provide content, advertising, or functionality; and
  • other parties when required or permitted by applicable laws, as necessary to protect our users, or in connection with a corporate transaction.

We may provide aggregated data, and data with personal identifiers removed, to third parties to describe how our customers are using the Services. We also may share data about you with third parties whenever you consent to or direct such sharing.

ONLINE ADVERTISING AND COOKIES

We and other companies that provide advertising and other services on our Services may use cookies, web beacons, do-not-track signals, and similar technologies to improve and customise your advertisements and your experience using our Services. The Privacy Policy provides additional data about our collection of data through these technologies.

PRIVACY AND ACCESS CHOICES AVAILABLE TO YOU

The Privacy Policy provides data about how to manage the privacy and access choices available to you. For example, you may block cookies and similar technologies, opt out of receiving certain targeting advertising, and opt out of receiving commercial communications. In some circumstances, you also may have a right to access, update, and correct inaccuracies in your personal data.

DATA SECURITY AND OTHER IMPORTANT DATA

We have in place certain procedures to protect your personal data in our custody and control but cannot guarantee the security of our Services or our control over your data when it is transmitted over the Internet.

The Privacy Policy provides additional important data about our data security practices, links to third party sites, children’s privacy, Malaysia privacy rights, and international transfers of data.

How to Contact Us

For any question or concerns regarding data privacy, please contact our Data Protection Officer at the following:

Please check and confirm.

Email: hellomy@tims-mgca.com

DATA WE COLLECT

We collect personal data about our users in various ways. For example, we collect personal data that you provide to us, information that we collect through your use of the Services (as defined in the Terms of Service), and information that we collect from publicly available sources or third parties.

Data You Provide to Us

We collect data you give us when you use the Services. For example, when you visit one of our restaurants, visit one of our websites or use one of our Services, create an account with us, buy a stored-value card in-restaurant or online, participate in a survey or promotion, or take advantage of our in-restaurant Wi-Fi service, we may ask for data such as your name, email address, year of birth, gender, street address, or mobile phone number so that we can provide Services to you. We may collect payment data, such as your credit card number, security code and expiration date, to process a financial transaction you have requested. We also may collect data about the products you buy, including where and how frequently you buy them, your use of coupons and stored-value cards, and the rewards you earn through our loyalty programs so that we can learn more about your interests and better serve you.

Information About Your Use of the Services

In addition to the information you provide to us directly, we may collect information about your use of the Services. For example, we may collect:

  • Device information — such as your hardware model, IP address, other unique device identifiers, operating system version, and settings of the device you use to access the Services.
  • Usage information — such as information about the Services you use, the time and duration of your use of the Services and other information about your interaction with content offered through a Service, and any information stored in cookies and similar technologies that we have set on your device.
  • Location information — such as your computer’s IP address, your mobile device’s GPS signal or information about nearby Wi-Fi access points and cell towers that may be transmitted to us when you use the Services.

Data From Third-Party Sources

We may receive data about you from publicly and commercially available sources, as permitted by applicable laws, which we may combine with other data we receive from or about you. For example, we may receive data about you from a social media site if you connect to the Services through that site.

Other Data We Collect

We also may collect other data about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your consent.

2. HOW WE USE DATA

When You Register or Create an Account

If you choose to use certain features on the Services, you may need to register or create an account and provide personal data such as name, email address, location, year of birth and a username and password that you choose. We use this data to identify you and provide the requested feature and Services.

To Facilitate Participation in Our Stored-Value Card Programs

If you purchase a stored-value card, we may also use your data to operate and manage that program, which may include setting up automatic reloads and providing online or in-restaurant balance inquiries. We may also use this data to develop and improve our product and service offerings and provide you with tailored offers and data.

To Provide and Manage the Products and Services You Request

We use data that we collect to process your purchases of products, enable you to participate in features provided by the Services and in-restaurant, provide you with tailored offers, and improve the Services that we provide to you. From time to time, we may offer you the ability to personalise our products and Services, such as by uploading a photo or other data. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms.

To Respond to You

When you contact us, we may collect data that identifies you (such as your name, address, and a phone number) along with additional data we need to help us promptly answer your question or respond to your comment. We retain this data to assist you in the future and to improve our customer service, products, Services, and promotions.

When You Make a Purchase

You do not have to provide any personal data when you purchase merchandise with cash at a restaurant. If you use a credit or debit card for your purchase, your debit or credit card-related data will be collected to process and administer your payment. When you make purchases through the online Services, we may collect data such as your name, email address, billing address, the email or mailing address for delivery (if applicable), phone number, and payment card data. This data is used to process, fulfil, and deliver your order.

To Contact You

We may contact you with offers and data about the Services and our affiliates, including to inform you about our products, events, promotions, and special offers that may be tailored to your interests. You may opt out of receiving commercial messages from us by following the instructions contained in our electronic messages or by contacting us as set out below.

To Deliver Targeted Advertising

We may use your data, including your location data, to facilitate the delivery of targeted ads, promotions, and offers to you, on behalf of ourselves, select business partners, and advertisers, on and off the Services. (Please see “Interest-Based Advertisements” section below.)

To Better Understand Our Customers and to Improve Our Services

In the course of providing the Services, we may collect data on our users’ demographics, interests and behaviour and analyse that data. We do this to better understand and serve our users, and to improve our products and Services.

When You Use a “Share with a Friend” or Similar Feature on the Services

The Services may offer a “share with a friend” or other similar feature which permits you to electronically send content from the Services to others by providing us with their contact data. Except where permitted by applicable laws, we do not use the contact data you provide when using this feature for other unrelated purposes without your consent or the consent of the recipient, as applicable. Please ensure that you only submit contact data for individuals you know and who would want to receive the content you share with them.

Consent

We may otherwise use your data with your consent or at your direction.

3. SHARING OF DATA

The following provides data about entities with which we may share data.

Our practices vary depending on the type of data and sharing.

Affiliates.

We may share data within our family of affiliated companies so that we may provide offers from those companies that may be relevant to you, better understand your preferences, and improve our Services.

Franchisees

We may share data with local owners of Burger King® and Tim Hortons® restaurants, particularly when they will work with us in delivering Services to you. For example, local restaurants will implement delivery and take-away services that you may request through the Services. We also may provide our franchisees with data so that a local restaurant may provide you with offers and promotions that might interest you.

Business Partners

We may also share your data with business partners to provide you with Services that you request. For example, if you sign up for a promotion that runs on our Services but that is sponsored or co-sponsored by another company, your data may be shared with that sponsor. We are not responsible for the privacy practices of these entities and recommend you review their privacy policies carefully.

Service Providers

We may share data with companies providing services on our behalf, such as delivery services, hosting vendors, advertising service providers, data analytics companies, marketing service companies, and list managers. We also may share your data, including your payment data, as appropriate to process your payments for the Services or complete a transaction. Our service providers are given the data they need to perform their designated functions, and we do not authorise them to use or disclose personal data for their own marketing or other unrelated purposes.

Social Media Services

If you connect a social media account with the Services or engage with our Services through a social media platform, we may share your data with that social media platform, and it may share data about you with us. We may use this data to personalise your experience on the Services and on the third party social media platforms, or to provide you with offers or other products or Services you may request. The social media services’ use of the shared data will be governed by the social media services’ privacy policy and your social media account settings. If you do not want your data shared in this way, do not connect your social media service account with the Services.

Companies that Provide Content, Advertising, or Functionality

Some of the content, advertising, and functionality on our Services may be provided by third parties, such as our advertisers. These companies may collect or receive certain data about your use of the Services, including through the use of cookies, beacons, and similar technologies, and this data may be combined with data collected across different websites and online services in order to deliver ads that are more relevant to you, both on and off our Services.

Other Parties When Required or Permitted by Law, or As Necessary to Protect Our Users and Services

We and our service providers (including affiliates) may use and share your personal data as we believe is necessary or appropriate to protect, enforce, or defend the legal rights, privacy, safety, or property of the Services, our employees or agents or users, to detect, suppress or prevent fraud or where otherwise required or permitted by applicable laws or legal process, including responding to a search warrant or other legally valid requests from public and government authorities (which may include lawful access by U.S., Canadian, or other governmental authorities, courts or law enforcement agencies).

Other Parties in Connection with a Corporate Transaction

We reserve the right to transfer any data we have about you in the event that we sell or transfer all or a portion of our business or assets to a third party, such as in the event of a merger, acquisition, or in connection with a bankruptcy reorganisation.

Otherwise With Your Consent or at Your Direction

In addition to the sharing described in this Privacy Policy, we may share data about you with third parties whenever you consent to or direct such sharing.

Aggregated Data

We also may provide aggregated data, and data with personal identifiers removed, to third parties to describe how our customers are using the Services.

4. ONLINE ADVERTISING AND COOKIES

We and other companies that provide advertising and other services on our Services may use cookies, web beacons, and similar technologies to facilitate administration and navigation, to better understand and improve our Services, to determine and improve the advertising shown to you here or elsewhere, and to provide you with a customised online experience.

Interest-Based Advertisements

We may use third parties to serve advertisements on our Services and on other websites and digital platforms. These companies may use cookies, web beacons or other technologies to report certain data about your visits to our Services and other websites (such as web pages you visit and your response to ads) in order to measure the effectiveness of our marketing campaigns and to deliver ads that are more relevant to you, both on and off our Services. To learn more and to opt-out of having your data used by these companies for online behavioural advertising purposes, please see “Choices with Respect to Interest-Based Advertisements” section below. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. We may do this by providing a hashed version of your email address or other data to the platform provider.

Cookies

“Cookies” are small files that are placed on your computer when you visit a website. Cookies may be used to store a unique identification number tied to your computer or device so that you can be recognised as the same user across one or more browsing sessions, and across one or more sites. Cookies serve many useful purposes. For example:

  • Cookies can remember your sign-in credentials, so you do not have to enter those credentials each time you visit a Service.
  • Cookies can help us, and third parties understand which parts of our Services are the most popular because they help us see which pages and features visitors’ access and how much time they spend on the pages. By studying this kind of data, we are better able to adapt our Services and provide you with a better experience.
  • Cookies help us and third parties understand which ads you have seen so that you do not receive the same ad each time you access a Service.

Most browsers accept cookies automatically but can be configured not to do so. If you wish to disable cookies, refer to your browser help menu to learn how to disable cookies. If you disable cookies, it may interfere with the functioning of the Services.

Beacons

We, along with third parties, also may use technologies called beacons (or “pixels”) that communicate data from your device to a server. Beacons can be embedded in online content, videos, and emails, and can allow a server to read certain types of data from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon, and the IP address of your device. We and third parties use beacons for a variety of purposes, including to analyse the use of our Services and (in conjunction with cookies) to provide content and ads that are more relevant to you both on and off the Service.

Local Storage & Other Tracking Technologies

We, along with third parties, may use other kinds of technologies, such as HTML5 local storage, in connection with our Services. These technologies are similar to the cookies discussed above in that they are stored on your device and can be used to store certain data about your activities and preferences. However, these technologies may make use of different parts of your device from standard cookies, and so you might not be able to control them using standard browser tools and settings. For HTML5 local storage, the method for disabling HTML5 will vary depending on your browser.

Do-Not-Track Signals and Similar Mechanisms

Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, the Services currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.

5. PRIVACY AND ACCESS CHOICES AVAILABLE TO YOU

Choices With Respect to Cookies and Similar Technologies

You may block cookies and similar technologies in your browser or device settings, as and if permitted by such device.

Choices With Respect to Interest-Based Advertising

You may opt out of receiving targeted advertising from participating ad networks, audience segment providers, ad serving vendors, and other service providers by visiting websites operated by the Network Advertising Initiative, and Digital Advertising Alliance.

Manage Your Account

You may access, modify, or delete your account on the settings or profile page, or by contacting the Privacy Officer at hellomy@tims-mgca.com with such written request.

Data Access

Subject to applicable laws, you may also have a right to access, update, and correct inaccuracies in other personal data in our custody and control, subject to certain exceptions prescribed by applicable laws. You may request access, updating and corrections of inaccuracies in the personal data we have in our custody or control by emailing or writing to us at the contact data set out below. We may request certain personal data for the purposes of verifying the identity of the individual seeking access to their personal data records.

Email Promotions

You may opt out of receiving commercial email, text message, and other electronic messages from us by following the instructions contained in those messages.

6. DATA SECURITY AND OTHER IMPORTANT DATA

We have in place physical, electronic, and managerial procedures to protect personal data in our custody and control against loss, theft and unauthorised access, use, modification, and disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our Services, nor can we guarantee that the data you provide will not be intercepted while being transmitted to us over the Internet.

7. OTHER IMPORTANT DATA

Children’s Privacy

We do not knowingly collect any personal data from children under the age of 13 without parental consent, unless permitted by applicable laws. If we learn that a child under the age of 13 has provided us with personal data, we will delete it in accordance with applicable laws.

Links to Third-Party Sites

Our Services may link to third party websites and services that we do not operate and are outside of our control. We are not responsible for the security or privacy of any data collected by other websites or other services. Please exercise caution and review the privacy statements applicable to the third party websites and services you use.

Changes to Our Privacy Policy

We may modify this Privacy Policy from time to time. We will notify you of changes by posting changes here, or by other appropriate means. Any changes to the Privacy Policy will become effective when the updated policy is posted on www.timhortons.my website. Your use of the Services or your provision of personal data to use the Services following such changes indicates your acceptance of the revised Privacy Policy.