privacy policy – pennycake
FREE shipping with code WISHES24, plus a FREE ChatterTime™ On-the-Go Winter Edition with any purchase

privacy policy

Pennycake Privacy Policy

Effective as of [5.30.24]

This Pennycake Privacy Policy (“Privacy Policy”) describes how Chick-fil-A, Inc., its affiliates, subsidiaries, and related entities such as CFA Properties, Inc., CFA Servco, Inc., Chick-fil-A Canada ULC, and Chick-fil-A (PR) LLC (collectively, “Chick-fil-A”, “CFA Group”, “we”, “us”, or “our”) process and use the personal information that we collect through pennycake.com (“Online Services”), our interactions with you over the phone or offline related to Pennycake products and services (collectively, together with Online Services, the “Services”), and other sources. 

Please note this Privacy Policy supplements Chick-fil-A Privacy Policy, and it does not apply to other services offered by Chick-fil-A where a different privacy policy is provided.  If you would like to learn more about how Chick-fil-A handles personal information of our customers more generally across various services, please visit Chick-fil-A Privacy Policy  and our California Privacy PolicyWe share, and in the past 12 months have shared, personal information of our customers with our marketing and advertising partners for cross-contextual advertising purposes as further described below.  Otherwise, we do not sell, and in the past 12 months have not sold, personal information of our customers.  Additionally, we do not sell or share, and in the past 12 months have not sold or shared, personal information of individuals we know to be under 16 years of age.

1. We Make Updates to This Privacy Policy

    We may update this Privacy Policy from time to time, and the updated Privacy Policy applies to you after the effective date stated in the revised Privacy Policy. If our information practices change, we will post an updated policy on pennycake.com. If we change this Privacy Policy in a material way, we will provide appropriate notice to you such as posting a prominent notice on pennycake.com or emailing you if you provided your email to us.

    2. Categories of Personal Information We Collect and Process

      We collect and process the following categories of personal information in the course of providing the Services:

        1. Identifiers, such as a real name, physical address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. 
        2. Commercial information, including payments information, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. 
        3. Internet or other similar network activity, including, but not limited to, browsing history, search history, browser settings like language preference, and information regarding your interaction with a website, application, or advertisement. 
        4. Sensory data, including electronic, visual, or similar information. 
        5. Inferences, such as a profile about a consumer’s preferences, characteristics, and behavior, drawn from information we collect and insights we receive from third parties such as our marketing and advertising partners and data analytics providers.
        6. Sensitive personal information, such as account login information allowing access to an account. If you win a promotional prize or sweepstakes, we may also collect your W9 information, including FEIN or SSN for legal compliance.  Please note we do not collect sensitive personal information for the purpose of inferring characteristics about you.
      3. How We Use Your Information

        We use all categories of personal information described in the “Categories of Personal Information We Collect and Process” Section, on its own and combined with other information we collect about you, for the following purposes:

        a. Providing our products or services to you

          We use identifiers and commercial information to process your orders and payments and for operation of our business.

          b. Communicating with you

            We use identifiers, commercial information, internet or other similar network activity, and inferences to communicate with you regarding our products, services, events, promotions and other offers and respond to your inquiries, comments, feedback, stories, or postings. 

            c. Customizing and improving your experience

              We use your information to tailor our products, services, promotions, communications and the Services so that they are more useful and relevant to you, such as through targeted advertising and messaging personalization.

              d. Creating and managing your accounts with us

                We use your information to create and manage your accounts (e.g., Pennycake accounts, registration for events, ordering, payments, contests, promotions, etc.) and administer your participation in our programs, events and other offerings.  

                e. Getting to know our customers

                  We use your information to better understand your preferences and provide and improve support related to our product and service offerings and marketing efforts. For example, we may use your information to:

                  • develop our products, services, promotions, and other offers;
                  • respond to your requests, suggestions, and other communications;
                  • improve our Services and business operations; and
                  • conduct research and analysis for marketing, business and other operational purposes. 
                  f. Marketing and advertising

                    We use your information to promote our products and services and aim to provide tailored ads to you and others, including provision of targeted advertising or cross-context behavioral advertising. We may advertise our products and services using third-party websites or online services. Please see more information about our use of cookies and other tracking technologies in the “Information We Collect Automatically or from Others” in the Chick-fil-A Privacy Policy . To learn more about our advertising and marketing partners, please review our Cookie and Internet-Based Advertising Policy.  You may opt out of targeted advertising or disclosure for cross-context behavioral advertising by accessing our Cookie Preference Center located in the footer of pennycake.com.

                    g. Fraud detection, security, legal enforcement and compliance

                      We use your information to protect the security and integrity of our business and the Services, for enforcement of our agreement with you, for example, our terms, and our compliance with our applicable law.

                      We may combine personal information about you with other information we have acquired from third parties in accordance with applicable law. We will treat the combined information as personal information under this Privacy Policy. We will notify you and obtain consent, if required by applicable law, before processing your personal information for profiling in furtherance of “decisions that produce legal or similarly significant effects,” as such term is defined under applicable law. 

                      4. How We Disclose Your Information

                        To perform our Services, we may disclose any category of your personal information within Chick-fil-A and to third parties as necessary to complete your order, to provide our products and services, for purposes described in the “How We Use Your Information” Section, or with your consent. 

                        We may disclose your information to the following types of parties:

                        a. Within Chick-fil-A

                          We disclose personal information within Chick-fil-A to provide our products, services, promotions and other Services to you and for our marketing purposes, in accordance with applicable law. We may also disclose personal information within Chick-fil-A at your direction or request.

                          b. Service providers

                            We disclose personal information to third-party service providers that provide a variety of services on our behalf or at your direction for the purposes described in this Privacy Policy, including but not limited to the development, maintenance, and support of the Services and social media pages, payment processing, fraud detection, delivery of products and services, the distribution of email and mobile messages, promotions, advertising services, and marketing research and analysis. 

                            We may also disclose the personal information we collect to our analytics vendors and partners to develop aggregate analytics and business intelligence for our advertising and marketing purposes. For example, we use personal information to create custom audiences and measure the success of promotions.

                            c. Other entities

                              In addition, we may disclose personal information to other entities for additional purposes. For example, we may disclose personal information to our business partners and other third parties upon your request or at your direction. We may also disclose personal information as part of a sale, merger or change in control, or in preparation for these corporate events. An entity that buys us or part of our business may continue to use your data in accordance with the Privacy Policy unless you request otherwise.

                              We may also disclose personal information as may be necessary to detect security incidents and fraudulent or illegal actions or to protect the safety, property, or other rights of Chick-fil-A, and our employees, customers, visitors, users, service providers, or any other person or entity; to comply with law, a court order, or other legal process (which may include access by courts, law enforcement or governmental authorities in the US or other jurisdictions), or in connection with a legal investigation; to enforce any applicable terms and conditions and other agreements; as otherwise may be required or permitted by applicable law; or in accordance with your consent. 

                              5. Your Privacy Rights

                                You may have the following rights, in each case to the extent set out in applicable law:

                                • The right to confirm whether we process personal information about you and request access to such personal information;  
                                • The right to correct inaccuracies in certain personal information we may hold about you; and
                                • The right to request that we delete personal information collected from or about you. Note, processing your deletion request will result in the elimination of your Pennycake account. 

                                You may request to exercise these rights by:

                                • Calling us toll-free at Chick-fil-A CARES (1-866-232-2040); or
                                • Completing our privacy rights request form.  If you have a Chick-fil-A One account, please complete the privacy rights request form available here [link]. Please complete the form available here [link] if you do not have a Chick-fil-A One account.

                                If your rights request is denied, you may lodge an appeal with us.  The response to your rights request will inform you of any appeal rights you may have and how you may exercise them.

                                We do not sell personal information, but if you wish to opt out of our targeted advertising or disclosure of personal information for cross-context behavioral advertising, each as defined under applicable law, please visit our Cookie Preference Center, located in the footer of pennycake.com.  Additionally, we process opt-out preference signals from Global Privacy Control (“GPC”). GPC is a browser-level technical specification that you can use to inform websites that you opt out of sales or sharing of personal information for cross-context behavioral advertising or targeted advertising. If you use GPC, our website will treat the browser and device you use to access our website as opted-out from sales or sharing to the extent we engage in such processing.

                                As required under applicable law, we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide your first name, last name, email address, the amount of your last transaction and the date of your last transaction to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights described above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law.

                                Under applicable law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. To the extent permitted by law, we may require you to verify your own identity in response to a request, even if you choose to use an agent.

                                If you are an authorized agent submitting a request on behalf of a consumer, please complete our rights request form available here

                                6. Information Security

                                  We seek to keep your personal information secure by implementing reasonable technical, administrative, and physical safeguards to help us protect such information from unauthorized access, use, and disclosure. When we collect or transmit sensitive information such as a credit card number, we endeavor to use industry standard methods to protect that information. We also ask our third-party service providers to use reasonable security measures to protect your information from unauthorized access, use and disclosure. However, please be aware that no method of electronically transmitting or storing information is ever completely secure.

                                  7. Retention

                                    We retain personal information for the length of time needed to carry out the processing purposes described in the Privacy Policy. We also retain information for related business purposes, security, legal compliance, and disputes and claims handling, consistent with our retention policy and as permitted by applicable law.

                                    8. Do Not Track

                                      We do not currently take actions to respond to “Do Not Track” signals from browsers because a uniform technological standard has not yet been developed.  However, we respond to the GPC signals as the opt out preference signal as described in our Cookie and Internet-Based Advertising Policy.

                                      9. Children's Privacy

                                        The Online Services are not intended for children under the age of 13, without parental or legal guardian consent. We do not knowingly collect personal information from users in this age group. If you believe your child has provided personal information to us, please contact us using the “Contact Us” page, and we will work to delete it.

                                        10. Contact Us

                                          If you have any questions or complaints about this Privacy Policy or how we or our service providers collect, use or disclose your personal information, or if you need accessibility assistance, please contact us using any of the methods below:

                                          • If you are a resident of the United States (excluding Puerto Rico), by visiting the website at <http://www.chick-fil-a.com/Connect/Contact-Us-CARES> or calling us at 1-866-232-2040. You may also contact us by emailing us at privacy@chick-fil-a.com.
                                          • If you are a resident of Puerto Rico, by emailing us at privacy.puertorico@chick-fil-a.com.